
DNS Hijacking Forensics

(@tinybrain)
Posts: 354
Reputable Member
Topic starter
 

Recent developments got us a job investigating how to detect and forensically collect evidence of DNS hijacking. To start, see here and refer to this doc:

https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html

Let's discuss where to get data for court. Who has done an investigation like this?

 
Posted : 02/03/2019 3:54 pm
(@tinybrain)
Posts: 354
Reputable Member
Topic starter
 

Technique 1 is based on LE certs to change the A records. TALOS has documented it in detail; see here:

https://blog.talosintelligence.com/2018/11/dnspionage-campaign-targets-middle-east.html

Where to collect logs and record data for court?

 
Posted : 03/03/2019 3:43 am
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
 

For no apparent reason

No!
February 2019

Geoff Huston
What part of “No!” doesn’t the DNS understand?

http://www.potaroo.net/ispcol/2019-02/nxd.html

jaclaz

 
Posted : 05/03/2019 10:09 am