ATLSECCON 2025

DNS is a critical component of internet infrastructure, primarily known for resolving human-readable domain names into machine-readable IP addresses. However, its functionality extends beyond simple name resolution.  This talk exposes the hidden side of DNS, revealing how attackers can subtly manipulate its features, particularly TXT records, to achieve their malicious goals.  While most people in the information security realm are aware that DNS is a valid means of covert communication, not everyone fully understands how it works on a technical level. 


This presentation aims to educate attendees on exactly how DNS can and is used for both data infiltration and exfiltration, with coding examples, covering such topics as:

DNS Fundamentals: A clear explanation of how DNS operates, including the roles of different record types, and rhe query/response process.

Infiltration Techniques:  An in depth description of how DNS records can be used to covertly smuggle files into a secure, and sometimes segmented, network environment.


Exfiltration Techniques: Exploring how DNS requests can be leveraged to exfiltrate sensitive data out of an environment undetected.


EDR/AV Bypass: A high level overview of how DNS can be used to bypass a corporate security stack by keeping malicious code off disk and living in memory