9th Annual Security Conference

I will have two papers included in the proceedings of the 9th Annual Security Conference in Las Vegas, Nevada. The first paper is a study on using n-gram frequency analysis to detect several of the most common DNS tunnels. The second paper describes a novel method of exfiltrating data over DNS that requires no additional software or privileges. After the presentations take place, I will post more thoroughly about both of them.

I also have several very interesting projects in the works that I think will blow this stuff away.

On the detection side, I am working on two tools: one that provides visualizations and comparisons of DNS traffic against a legitimate "fingerprint" of typical DNS traffic, and one tool that attempts to detect unusual DNS traffic in real time. This will include character frequency analysis and "unusual" packet formations.

On the other end, I am working on a "new breed" of DNS tunnel that is starting to show some real potential. While I am not going into much detail on it now, I hope to submit it to Black Hat 2010 sometime in April.