Episode 6 - Detecting DNS Covert Channels in the Wild (Part 2)

In Episode 6 of Corelight DefeNDRs, we delve deeper into the fascinating world of DNS covert channels with Vern Paxson, our chief scientist and co-founder. Continuing from our previous discussion, Vern shares his insights on techniques developed to detect these stealthy channels utilized by intruders to evade security measures. We explore the innovative approach of leveraging time series analysis of DNS lookups, how to distinguish benign traffic from potential threats, and the real-world implications of our findings across significant datasets.

Domains, DNS and Forgotten Risks in Modern Security Stacks

When most cybersecurity teams map their threat landscape, they start with endpoints, users, cloud environments and network layers. It's a solid strategy - but it leaves one critical layer wide open: the domain and hosting infrastructure everything else depends on.

Episode 5 - Detecting DNS Covert Channels in the Wild (Part 1)

In Episode 5 of Corelight Defenders, I, Richard Bejtlich, engage with Corelight's co-founder and chief scientist, Vern Paxson, to delve into the intricate world of DNS covert channels. We explore how adversaries exploit DNS lookups to silently communicate within tightly controlled enterprise environments. Vern explains various methods attackers may use, from encoding data in seemingly benign domain names to manipulating the timing of requests. Our discussion highlights the challenges of detecting these covert channels, especially in the presence of network monitoring.

Threat intelligence, DNS detection and response, and DNS firewall: The future-proof defense every network needs

When it comes to incident response, every network admin knows the drill—endpoints trip alarms, firewalls block traffic, SOC dashboards light up with alerts. But the real story almost always starts earlier—in DNS. Long before malware detonates or data leaves the building, an attack whispers its intent in a query. Newly registered domains, fast-flux campaigns, suspicious TXT lookups—in all of these actions, DNS is where adversaries test the waters.

DDI Central 5.5 is here, with DNS threat intelligence, OpManager Plus integration, and more!

We’re excited to announce the launch of DDI Central version 5.5, a release shaped by the most demanded features from our customers and the ever-growing need for stronger security at the core of enterprise networks. With this version, the spotlight is on security, resiliency, and device-diagnostics driven IP address management.

DNS Tunneling: The Blind Spot in Your Network Security Strategy

The Domain Name System (DNS) is a critical component of internet infrastructure, responsible for translating human-readable domain names into IP addresses. However, the ubiquitous nature and often-overlooked security aspects of DNS make it a prime target for malicious actors. This blog post investigates the tools used for data exfiltration over DNS, the techniques involved, and the countermeasures to mitigate these threats.

Remote DNS Manipulation at Scale: How IONIX Uncovered 20,000 Malicious Subdomains from a Single Abused NS Record

Our threat-hunting team just uncovered a mass-produced remote DNS-manipulation campaign that hijacked an entire nameserver (NS) delegation belonging to a Fortune 500 company. Within hours, the attacker used that foothold to create over 9,500 brand-new subdomains, all resolving to the same criminal infrastructure serving illicit gambling pages.

How CleanINTERNET DNS Stops DNS Tunneling Before It Starts

Modern cyber threats are increasingly stealthy. A favorite tactic? DNS tunneling—a method used to bypass traditional network security controls by hiding malicious traffic inside DNS queries and responses. This can be done by embedding or encoding command and control instructions or data within subdomains or DNS record fields like TXT, CNAME or other rarely used record types.

Top DNS resolver security threats you can't ignore in 2025: Expert guide and prevention tips

DNS is often referred to as the internet’s phonebook, translating human-readable domain names into IP addresses. But this essential service also makes DNS a prime target for cyberattackers. With the increasing volume and sophistication of DNS-based threats, including DNS spoofing, cache poisoning, and DDoS attacks, it’s crucial to understand the risks involved.

Onboarding DNS with Cloudflare

A step-by-step walkthrough on how to onboard your DNS to Cloudflare. Learn how to seamlessly migrate, optimize performance and enhance security using Cloudflare’s powerful DNS features. Our expert will guide you through best practices, common pitfalls and advanced configurations to ensure a smooth transition. Whether you're new to Cloudflare or looking to refine your setup, this session will equip you with the knowledge to maximize reliability and speed.