As part of my Ph.D. I’ve been looking at existing DNS-based covert channels in order to profile their behaviours with a view to developing a detector or filter. I have examined a few variations including DNScat and IODINE. Both of these implementations are fairly robust but IODINE is the more complete and reliable of the tools

{Will update this as I go…} My recent work has focused on a particular form of DNS-based covert channel that encodes its payload into the slack space in DNS query names. Each ASCII character in a domain name is stored as 8 bits and is referred to as an octet. A fully qualified domain name (FQDN)