A penetration tester is attempting to exfiltrate sensitive data from a client environment without alerting the client's blue team. Which of the following exfiltration methods most likely remain undetected?
The Domain Name System (DNS) is commonly used for covert exfiltration because it is an essential protocol in most networks and is less likely to be scrutinized compared to other methods. Here's how DNS exfiltration works:
Mechanism:
Data is encoded into DNS queries or responses, such as using subdomain fields to transmit sensitive information.
These queries are resolved through the normal DNS path to an authoritative name server controlled by the attacker, so the data leaves the network inside ordinary-looking DNS traffic and bypasses traditional detection mechanisms that inspect other channels.
Why It Remains Undetected:
DNS traffic is frequently allowed and not as heavily monitored compared to other channels like HTTP or email.
Because DNS volume is high and almost all of it is legitimate operational traffic, network security tools rarely inspect query contents, which makes anomalies in the queries themselves harder to detect.
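As an added defender-side illustration (not part of the original question or its explanation), the Python below looks for the pattern described above in a constructed DNS query log: long, high-entropy subdomain labels spread across many unique names under one domain. The log lines, the exfil-test.invalid domain and the thresholds are assumptions.

```python
import math
from collections import Counter, defaultdict

# Constructed sample DNS query log (hypothetical, not from the page), one
# "<client-ip> <queried-name>" per line. The exfil-test.invalid queries mimic
# the pattern described above: data chunks encoded into long subdomain labels.
SAMPLE_LOG = """\
10.0.0.5 www.example.com
10.0.0.5 mail.example.com
10.0.0.7 cdn.example.com
10.0.0.9 0.7c3e1a9f0b5d2846d4f81b6a3e9c0527.exfil-test.invalid
10.0.0.9 1.a95e3c7f1d0b46828c1f5a3d9e72b064.exfil-test.invalid
10.0.0.9 2.3f0c9a1e6b4d72858e2a7c1f3b0d4695.exfil-test.invalid
"""

def shannon_entropy(s):
    # Bits per character; encoded payloads score far above ordinary hostnames.
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def split_qname(qname):
    # (subdomain part, registrable domain). Assumes the registrable domain is
    # the last two labels; real code should consult a public-suffix list.
    labels = qname.rstrip(".").lower().split(".")
    if len(labels) <= 2:
        return "", ".".join(labels)
    return ".".join(labels[:-2]), ".".join(labels[-2:])

def score_query(qname, max_label=30, min_entropy=3.5):
    # Flag one query whose subdomain looks like an encoded data chunk.
    sub, base = split_qname(qname)
    reasons = []
    if sub and max(len(label) for label in sub.split(".")) > max_label:
        reasons.append("long-label")
    if shannon_entropy(sub.replace(".", "")) >= min_entropy:
        reasons.append("high-entropy")
    return base, sub, reasons

def find_suspicious_domains(log_text, min_unique_subdomains=3):
    # One odd name is noise; flagged queries across many distinct subdomains
    # of a single domain are the signature of a DNS channel.
    per_domain = defaultdict(lambda: {"subs": set(), "flagged": 0})
    for line in log_text.splitlines():
        _client, qname = line.split()
        base, sub, reasons = score_query(qname)
        per_domain[base]["subs"].add(sub)
        if reasons:
            per_domain[base]["flagged"] += 1
    return sorted(base for base, d in per_domain.items()
                  if d["flagged"] and len(d["subs"]) >= min_unique_subdomains)
```

Run it against real resolver or passive-DNS logs by feeding the same "client name" lines; tune the thresholds to the baseline of the environment, since CDNs and some security products legitimately use long generated labels.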
CompTIA Pentest+ References:
Domain 3.0 (Attacks and Exploits)
Domain 5.0 (Reporting and Communication)