Jeremy Kerwin

SIGRed - 17 Year old DNS Vulnerability

Discussion created by Jeremy Kerwin on Jul 14, 2020
Latest reply on Jul 31, 2020 by Drew Contractor

I'm sure many have heard about the recent DNS vulnerability titled SIGRed. This one looks pretty bad.

https://research.checkpoint.com/2020/resolving-your-way-into-domain-admin-exploiting-a-17-year-old-bug-in-windows-dns-se… 

 

I'm curious about how to best leverage NetWitness Logs, Packets and Endpoint to best be prepared to detect and respond to this sort of attack.

 

One of the detection suggestions is to detect large malformed DNS requests. Is this easy to do with NW?
