lormayna 3 days ago
This means that the security department is not doing a good job: things like iodine can be detected easily by a NGFW or by an analysis on DNS logs. This is a quite basic security posture.
EvanAnderson 3 days ago | parent
Back when I was using it similarly to the other poster (say, 15 years ago), that wasn't the case. It's still a great litmus test of security posture today. Just using DNS for data exfiltration, in general, is usually pretty fruitful. I wrote a "live off the land" data exfil script for Windows once, using the certutil and nslookup commands to base64 encode data and ship it out to my off-site DNS server. I'll have to try it against a Palo Alto NGFW sometime and see what alarms I trip. I honestly never thought to try.
bongodongobob 3 days ago | parent
Lol no it isn't. Most companies don't even have MFA across the board, much less do anything with DNS security beyond maybe a blacklist.