Newly published research shows that the domain name system—a fundamental part of the web—can be exploited to hide malicious code and prompt injection attacks against chatbots.
When a remote code execution exploit is run, you often have a very limited payload you can deliver. Usually that means delivering a small downloader that then downloads and installs a backdoor from somewhere on the Internet
The standard counter-measure to protect your servers is to block all outbound traffic unless it’s to a known safe destination. Downloading the secondary payload over DNS gets around that since you can’t just block DNS. Tools to protect against this or DNS tunneling are still relatively new, so a lot of people haven’t implemented them yet.
When a remote code execution exploit is run, you often have a very limited payload you can deliver. Usually that means delivering a small downloader that then downloads and installs a backdoor from somewhere on the Internet
The standard counter-measure to protect your servers is to block all outbound traffic unless it’s to a known safe destination. Downloading the secondary payload over DNS gets around that since you can’t just block DNS. Tools to protect against this or DNS tunneling are still relatively new, so a lot of people haven’t implemented them yet.
Ah, interesting. Thanks