USArmyResearchLab / Dshell

Dshell is a network forensic analysis framework.

entropy and base64 #21

Closed bez0r closed 9 years ago

bez0r commented 9 years ago

Checking the entropy is a better start for DNS C2.

wglodek commented 9 years ago

@bez0r The innuendo-dns decoder was just a PoC based on specific details in the video. I agree checking the entropy may be a better/more general method to detect DNS C2. Instead of including the functionality in this decoder, could you create a DNS entropy detector?
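As an added illustration of the detector wglodek asks for above (this is not Dshell code and not part of the PR), the stand-alone Python below scores the data-carrying labels of each DNS query name and flags names that are both long and high-entropy. The sample query names are constructed, and the threshold, minimum length and "registrable domain is the last two labels" rule are assumptions chosen for the example.

```python
import math
from collections import Counter

# Constructed sample queries (not taken from the PR); the last two carry
# label content that looks like encoded data rather than a hostname.
SAMPLE_QUERIES = [
    "www.example.com",
    "mail.google.com",
    "cdn-1.static.example.net",
    "aaaaaaaaaaaaaaaaaaaaaaaaaaaa.example.com",
    "ej7zmnfj4k2l5y3x7q9t8w6h1r0p.tunnel.example.org",
    "mfrggzdfmztwq2lknnwg23tpobyxe43uov3ho6dzpi.data.example.org",
]

def shannon_entropy(s: str) -> float:
    """Shannon entropy of s in bits per character (0.0 for empty or uniform input)."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def query_labels(qname: str) -> str:
    """Concatenate the labels left of the registrable domain.

    Assumes the registrable domain is the last two labels; a production
    detector would consult a public-suffix list instead.
    """
    labels = qname.rstrip(".").lower().split(".")
    return "".join(labels[:-2])

def score_query(qname: str) -> dict:
    """Per-query features a decoder would emit alongside the alert."""
    payload = query_labels(qname)
    return {"qname": qname, "payload_len": len(payload),
            "entropy": round(shannon_entropy(payload), 3)}

def flag_suspicious(qnames, entropy_threshold=3.5, min_payload_len=16):
    """Return names whose data-carrying labels are both long and high-entropy.

    Both conditions are required: short hostnames such as 'www' score low on
    entropy anyway, and long but repetitive padding has zero entropy.
    """
    flagged = []
    for q in qnames:
        s = score_query(q)
        if s["payload_len"] >= min_payload_len and s["entropy"] >= entropy_threshold:
            flagged.append(q)
    return flagged

if __name__ == "__main__":
    for q in SAMPLE_QUERIES:
        print(score_query(q))
    print("flagged:", flag_suspicious(SAMPLE_QUERIES))
```

Real traffic contains legitimate high-entropy labels (CDN hashes, DKIM selectors, some anti-virus lookups), so a threshold like this is a triage signal to be combined with query volume and TXT/NULL record ratios rather than a verdict on its own.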

bez0r commented 9 years ago

Sure

On Feb 4, 2015 3:19 PM, "William Glodek" notifications@github.com wrote:

> @bez0r https://github.com/bez0r The innuendo-dns decoder was just a PoC based on specific details in the video. I agree checking the entropy may be a better/more general method to detect DNS C2. Instead of including the functionality in this decoder, could you create a DNS entropy detector?