DNS Scraping for Corporate AV Detection


Rob Dixon [ @304geek ] from AccuvantLABS published small but simple tool writen in bash called Scrape-DNS which can be used for quering cached DNS entries in search for malware and other "bad" sites. Short exerpt from 304geeks blog post:
"Back at my old job, we used cache snooping techniques (Scraping) to check for evidence of client systems that were attempting to resolve known malware sites.

We would use the list at Mayhemiclabs.com and compare it to our cached DNS entries.

So, why don't we do something badass like that, but to support the penetration test or red team mission?

Using standard cache snooping techniques you can determine what anti-virus vendors might be in use on a clients network.

HOW? Simple. By making non-recursive queries to the client's DNS servers for known AV update site domains.

Yes, it is that simple.
 

To query cached DNS entries, you need only to make a NON-recursive request a target DNS server..."

[Download]

Original post: http://304geeks.blogspot.com/

Labels:

About ""

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Vivamus suscipit, augue quis mattis gravida, est dolor elementum felis, sed vehicula metus quam a mi. Praesent dolor felis, consectetur nec convallis vitae.

0 comments:

Never Forget To Say Thanks :D

Subscribe to: Post Comments (Atom)
Copyright © 2013 Hacking Tools and Tech eBooks Collection and Blogger Templates - Anime OST.