Using Splunk to Detect DNS Tunneling

DNS tunneling is a method to bypass security controls and exfiltrate data from a targeted organization. Choose any endpoint on your organization's network, using nslookup, perform an A record lookup for If it resolves with the site's IP address, that endpoint is susceptible to DNS...
Steve Jaworski
June 1, 2016

All papers are copyrighted. No re-posting of papers is permitted