
Detecting DNS Tunneling: The Light At The End

Written by Erica Mixon | Feb 8, 2022 8:25:18 PM

A DNS attack is a costly and increasingly common method for threat actors to infiltrate your network — can your organization protect itself?  

DNS tunneling, or C2 tunneling, is a malware technique that allows an attacker to establish a command-and-control (C2) channel to a victim’s system. This backdoor allows attackers to perform different types of malicious behavior such as data theft and malware installation.

But how can you protect your organization against this type of attack, and how is this attack evolving? In this panel, security experts from Blumira and DNSFilter will not only tackle how to detect (and protect against) C2 tunneling, but also delve into why this attack is becoming popular at this moment. You’ll learn:

  • How C2 tunneling differs from other attack methods
  • Stories of C2 tunneling from the experts
  • Tangible steps you can take to defend against DNS tunneling

This interactive, conversational-style session encourages questions and engagement with viewers – so sign up today for access to our security experts.

Participants

Amanda Berlin, Lead Incident Detection Engineer, Blumira

Based in Ohio, Amanda is a highly accomplished network defender well-regarded throughout the Midwest infosec community. She has spent the last three years with NetWorks Group’s MDR team and Blumira, most recently as a Sr. Incident Detection Engineer specializing in threat detection research as well as SecOps. Amanda serves as the founder and CEO of Mental Health Hackers, a nonprofit dedicated to providing education and guidance to tech workers around mental health topics. Amanda is also the co-host of the Brakeing Down Security podcast. She is the author, with Lee Brotherston, of a Blue Team best practices book called “Defensive Security Handbook: Best Practices for Securing Infrastructure,” published by O’Reilly Media.

Brian Laskowski, Incident Detection Engineer, Blumira

Brian has 5 years of experience in IT, with prior work ranging from Linux systems administration to, most recently, leading the threat intelligence program at the State of Michigan security operations center. Other areas of focus have included incident response, threat hunting, memory analysis, adversary emulation, and SOC metrics. Brian currently holds SANS certifications for the GCIH, GCTI, and, most recently, the GDAT.

Peter Lowe, Head of Domain Intelligence, DNSFilter

Peter Lowe is the Head of Domain Intelligence at DNSFilter. Peter has been in the tech industry for over 25 years at various companies throughout Europe, and currently enjoys the Mediterranean lifestyle while working hard at keeping everyone protected online. He also runs a personal blocklist that is used in uBlock Origin, and believes that a secure online experience should be the default for everyone on the Internet. Peter is passionate about end user privacy.

Alex Applegate, Threat Researcher, DNSFilter

Alex Applegate is a Threat Researcher at DNSFilter who has over 25 years of experience in the tech industry. He has also worked as a software engineer, incident responder, threat hunter, intelligence analyst, and educator. Alex has investigated hundreds of pieces of malware across many platforms, and has written or reviewed just as many malware detection rules. Alex has contributed content to articles that have appeared in Bloomberg and the New York Times. His focus lies at the intersection of threat intelligence, knowledge systems, and solving puzzles, and sometimes includes languages as well.