The presentation describes how DNS traffic analysis was turned into an intelligence capability that maps thousands of organizations and millions of endpoints. Access to this data comes from exploiting a vulnerability in DNS registration and dynamic DNS updates.
- DNS traffic analysis can provide a wealth of information on organizations, including external and internal IP ranges, computer names, and network mapping
- A vulnerability in DNS registration and dynamic DNS updates allows for the hijacking of name servers and access to millions of endpoints
- The resulting intelligence capability can map thousands of organizations and provide valuable insights, such as identifying foreign assets control violations or subsidiaries in restricted countries
The speaker provides an example of mapping a top services company with over 40,000 endpoints spread around the world, including office branches and home locations of employees. The presentation also highlights the ability to zoom in on specific office locations and detect endpoints reporting from Iran, which could indicate a violation of sanctions.
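
A defender-side check for the exposure summarized above, as an added example that is not from the presentation: it parses a captured DNS message and reports dynamic updates (RFC 2136, opcode 5) that carry an internal address and host name to a server outside the organization. Treating the RFC 1918 ranges as "internal" is an assumption, and the sample packet, host name and addresses are constructed for illustration.

```python
import ipaddress
import struct

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_internal(ip):
    return any(ipaddress.ip_address(ip) in net for net in RFC1918)

def read_name(buf, off):
    """Decode a DNS name; return (name, offset after it). Follows compression pointers."""
    labels, end = [], None
    for _ in range(128):                          # hard bound defeats pointer loops
        n = buf[off]
        if n & 0xC0 == 0xC0:                      # compression pointer
            end = off + 2 if end is None else end
            off = ((n & 0x3F) << 8) | buf[off + 1]
            continue
        off += 1
        if n == 0:
            return ".".join(labels), (off if end is None else end)
        labels.append(buf[off:off + n].decode("ascii", "replace"))
        off += n
    raise ValueError("name too long or pointer loop")

def leaked_updates(msg, dst_ip):
    """Return [(hostname, internal_ip)] from a DNS UPDATE sent to a non-internal server."""
    if len(msg) < 12 or is_internal(dst_ip):
        return []
    _id, flags, zo, pr, up, _ad = struct.unpack("!6H", msg[:12])
    if (flags >> 11) & 0xF != 5:                  # opcode 5 = UPDATE (RFC 2136)
        return []
    found, off = [], 12
    try:
        for _ in range(zo):                       # zone section: name, type, class
            off = read_name(msg, off)[1] + 4
        for i in range(pr + up):                  # prerequisite RRs, then update RRs
            name, off = read_name(msg, off)
            rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            rdata, off = msg[off + 10:off + 10 + rdlen], off + 10 + rdlen
            if i >= pr and rtype == 1 and rdlen == 4 and is_internal(rdata):
                found.append((name, str(ipaddress.ip_address(rdata))))
    except (IndexError, struct.error, ValueError):
        pass                                      # truncated or malformed: keep what parsed
    return found

# Constructed sample: an endpoint registering its A record (names and addresses made up).
SAMPLE = (bytes.fromhex("1234 2800 0001 0000 0001 0000")   # header: UPDATE, 1 zone, 1 update RR
          + b"\x04corp\x07example\x00\x00\x06\x00\x01"     # zone corp.example, SOA, IN
          + b"\x08wks-0042\xc0\x0c\x00\x01\x00\x01\x00\x00\x04\xb0\x00\x04\x0a\x14\x1e\x28")
```

Run over mirrored egress traffic on port 53, any non-empty result is a host name and internal address leaving the network inside a dynamic update.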