DNSCat pcap analysis
If you have a pcap with data being exfiltrated by DNSCat (without using encryption), you can recover the exfiltrated content.
You only need to know that the first 9 bytes are not real data but are related to the C&C communication.
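An added example of that extraction in Python (not code from the original page or from the linked projects). It assumes the DNS query names have already been exported from the pcap and that the tunnelled bytes are hex-encoded in the labels in front of the tunnel domain; the domain `exfil.example` and the sample queries are constructed.

```python
HEADER_LEN = 9  # per the page: the first 9 bytes are C&C data, not payload

DOMAIN = "exfil.example"  # constructed tunnel domain (assumption)
SAMPLE_QNAMES = [         # constructed sample queries
    "1a2b01c0de00000000.73656372657420.exfil.example.",
    "9f8e01c0de00000000.73656372657420.exfil.example.",  # retransmission
    "www.example.com.",                                  # unrelated lookup
    "5e6f00c0de00000000.exfil.example.",                 # header only
    "3c4d01c0de00070000646174610a.exfil.example.",
]


def decode_qname(qname: str, domain: str) -> bytes:
    """Hex-decode the labels in front of `domain` into one raw message."""
    name = qname.rstrip(".").lower()
    suffix = "." + domain.strip(".").lower()
    if not name.endswith(suffix):
        raise ValueError(f"{qname!r} is not under {domain!r}")
    # Labels are only a length-limited split of one hex string: rejoin them.
    hex_str = name[: -len(suffix)].replace(".", "")
    return bytes.fromhex(hex_str)  # ValueError on non-hex labels


def extract_payload(qnames, domain: str) -> bytes:
    """Concatenate the data carried after the 9-byte header of each query."""
    out = bytearray()
    last = None
    for qname in qnames:
        try:
            raw = decode_qname(qname, domain)
        except ValueError:
            continue  # other domain or non-hex labels: not tunnel traffic
        if len(raw) <= HEADER_LEN:
            continue  # control message with no data after the header
        payload = raw[HEADER_LEN:]
        # A consecutive identical payload is treated as a resent query.
        # This heuristic would also drop a genuinely repeated chunk.
        if payload != last:
            out += payload
        last = payload
    return bytes(out)


if __name__ == "__main__":
    print(extract_payload(SAMPLE_QNAMES, DOMAIN))
```

The query names can be exported from a capture with `tshark -r <file> -T fields -e dns.qry.name` and passed to `extract_payload` together with the tunnel domain seen in the traffic.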
For more information: https://github.com/jrmdev/ctf-writeups/tree/master/bsidessf-2017/dnscap https://github.com/iagox86/dnscat2/blob/master/doc/protocol.md
There is a script that works with Python3: https://github.com/josemlwdf/DNScat-Decoder