Explore the intricacies of DNS security in this 48-minute conference talk from DerbyCon 4. Delve into various DNS request types, cross-site scripting vulnerabilities in logs, SQL injection techniques, and the often-overlooked Gopher protocol. Examine the potential risks of shell injection and gain insights into DNS rebinding attacks. Analyze the DNS protocol, traffic forwarding methods, and shellcode payloads. Learn to detect and mitigate these threats to enhance your network's security posture.
Overview
Syllabus
Intro
You know the drill...
Things I'm going to talk about
Request types
The scenario...
Cross-site scripting in logs?
SQL Injection
Interesting sidenote... Gopher!
Shell injection - result?
DNS Re-binding summary
The protocol
Traffic forwarding
Shellcode (aka, exploit payload)
Detection
