DNS Command & Control: Detecting Malware Traffic
Автор: David Bombal
Загружено: 2026-02-22
Просмотров: 13529
Описание:
Big thank you to Infoblox for sponsoring this video. For more information on Infoblox have a look at their website: https://www.infoblox.com/
// Get Wireshark Certified //
Check out the official training course
📘 GET TRAINING:
https://courses.davidbombal.com/l/pdp...
Use code "WiresharkHack" to get a $50 discount
🔗 Learn more: https://wireshark.org/certifications
In this deep dive, David Bombal is joined by Wireshark expert Chris Greer to
strip down the most critical protocol on the internet: DNS. We move beyond the
theory to show you exactly what DNS looks like "on the wire." Chris reveals why a staggering 92% of malware uses DNS for Command and Control (C2) and how you can use packet analysis to detect these breaches before they spread. We also debunk common myths about DNS only using UDP, explore the "Librarian" analogy for Root Servers, and walk through a live capture of a request to a real website.
What You Will Learn:
•Malware Detection: Why 92% of malware relies on DNS and how to spot C2 traffic.
• Packet Anatomy: A line-by-line breakdown of DNS headers, Transaction IDs, and Flags in Wireshark.
• The TCP Myth: Why blocking TCP port 53 on your firewall can break yournetwork (and why DNS needs it).
• Troubleshooting: How to measure DNS latency (response time) to pinpoint
slow network performance.
• Recursive Lookups: Understanding the chain from your PC to the Root Servers and back.
// Chris Greer’s SOCIAL //
YouTube: / chrisgreer
Official WCA training: https://courses.davidbombal.com/l/pdp...
Use code "WiresharkHack" to get a $50 discount
LinkedIn: / cgreer
Website: https://packetpioneer.com/
// Download Wireshark pcaps from here //
https://github.com/packetpioneer/yout...
https://github.com/packetpioneer/yout...
https://www.wireshark.org/certificati...
https://packetschool.teachable.com/
// WCA Course REFERENCE//
Official WCA training: https://courses.davidbombal.com/l/pdp...
Use code "WiresharkHack" to get a $50 discount
// Chris’ DNS Series on YouTube ‘’
• Your First DNS Lookup—Captured and Explained
// Link to YouTube VIDEO:
• Видео
// David's SOCIAL //
Discord: / discord
X: / davidbombal
Instagram: / davidbombal
LinkedIn: / davidbombal
Facebook: / davidbombal.co
TikTok: / davidbombal
YouTube: / @davidbombal
Spotify: https://open.spotify.com/show/3f6k6gE...
SoundCloud: / davidbombal
Apple Podcast: https://podcasts.apple.com/us/podcast...
// MY STUFF //
https://www.amazon.com/shop/davidbombal
// SPONSORS //
Interested in sponsoring my videos? Reach out to my team here: [email protected]
// MENU //
0:00 - Coming up
0:52 - More Wireshark! // It's always DNS
02:45 - Infoblox sponsored segment
03:37 - DNS basics in Wireshark // How DNS works
06:52 - Analysing the DNS packet capture
08:32 - Destination address explained
10:09 - Transaction ID explained
11:13 - Flags explained
13:26 - Questions, Answer RRs & Additional RRs explained
15:39 - Additional records explained
17:07 - Response walkthrough
19:24 - Real DNS packet capture walkthrough
21:17 - Quick Wireshark tip
22:32 - Walkthrough continued
25:55 - Going deeper // How DNS resolver works
32:41 - More on Chris Greer YouTube channel and more to come
35:36 - Conclusion
Please note that links listed may be affiliate links and provide me with a small percentage
/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!
Disclaimer: This video is for educational purposes only.
#dns #infoblox #wireshark
Повторяем попытку...
Доступные форматы для скачивания:
Скачать видео
-
Информация по загрузке: