Today, Sven Schlueter, Head of our Assurance team in Germany, published a blog post titled 'DNSWatch - When a full DNS tunnel is just too much'.
The blog post provides insight into extracting data from a network, and into the various ways of proving that this is possible. One common and very well-known way to do this is to exfiltrate data using DNS tunnels. Sven refers to previous engagements in which we looked into options for quickly identifying whether DNS tunneling is possible during a penetration test.
He reviews several ideas and existing tools, but states that none of them were flexible enough to do what was needed. That's when he came up with the simple idea of DNSWatch.