Hi guys, it has been a long time since I wrote here, but normally I like to talk about things I have faced problems with or that I feel will add value to the reader. Otherwise I’ll skip it and let the news or people in infosec talk about it. Anyway, today I have a subject that is really simple concept-wise but is a powerful technique, and deadly if it is overlooked, since it can be used by malware creators or anyone who wants to bypass the local DNS. Let's start simple: DNS is a huge database containing domains and their corresponding IPs. For example, if you want to access “almorabea.net”, you type the domain and DNS looks up the IP address for the site so you can connect to it. Simple, right?

So it is just a translation process, and it uses port 53 TCP/UDP. If I want to access any site, I’ll pay the DNS service a visit and then I will be redirected to the site. In other words, my footprint will be in the DNS records, because I just asked it for a record. But what if I ignored all of this and used HTTPS to make a request to a public DNS service, and got the results I need to be redirected to the site I want to visit, while my footprints are not available on my local DNS? This kind of technique can be used by malware creators to hide their actual destination, or to get the IPs of websites that are already blocked in your environment, and all of this will be done through HTTPS on port 443, so you will not be suspicious of any weird behavior. I made a small video explaining the whole situation. This is not all; maybe I’ll explain more about the topic in upcoming posts, but for now enjoy the video.
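Since the whole point above is that the footprint is missing from the local DNS, one way to spot it from the defender's side is to look for outbound web connections to IPs that the local resolver never handed to that client. This is an added example, not part of the original post; the log layouts, the sample records (documentation IP ranges) and the function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data (not from the original post).
# Local resolver log: (epoch_seconds, client_ip, queried_name, answer_ip)
DNS_LOG = [
    (1000, "10.0.0.5", "intranet.example", "192.0.2.10"),
    (1005, "10.0.0.5", "updates.example", "192.0.2.20"),
    (1010, "10.0.0.7", "mail.example", "192.0.2.30"),
]
# Firewall flow log: (epoch_seconds, client_ip, dest_ip, dest_port)
FLOW_LOG = [
    (1001, "10.0.0.5", "192.0.2.10", 443),    # resolved locally first
    (1020, "10.0.0.5", "198.51.100.8", 443),  # stands in for a public DNS-over-HTTPS service
    (1021, "10.0.0.5", "203.0.113.44", 443),  # destination the client never asked local DNS about
    (1030, "10.0.0.7", "192.0.2.30", 443),    # resolved locally 20 s earlier
    (5000, "10.0.0.7", "192.0.2.30", 443),    # local answer is older than the window
]

def unresolved_flows(dns_log, flow_log, max_age=3600, ports=(80, 443)):
    """Return web flows whose destination IP was not returned to that client
    by the local resolver within max_age seconds before the connection."""
    answers = defaultdict(list)  # (client, answer_ip) -> times the answer was served
    for ts, client, _name, ip in dns_log:
        answers[(client, ip)].append(ts)
    hits = []
    for ts, client, dst, port in flow_log:
        if port not in ports:
            continue
        seen = any(0 <= ts - t <= max_age for t in answers.get((client, dst), ()))
        if not seen:
            hits.append((ts, client, dst, port))
    return hits

def summarize(hits):
    """Group flagged destinations per client for triage."""
    per_client = defaultdict(set)
    for _ts, client, dst, _port in hits:
        per_client[client].add(dst)
    return {client: sorted(dsts) for client, dsts in per_client.items()}

if __name__ == "__main__":
    print(summarize(unresolved_flows(DNS_LOG, FLOW_LOG)))
```

Clients with long-lived caches or hard-coded IPs will also show up here, so the window in `max_age` needs tuning and the hits are leads for triage, not verdicts.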