Learning Sliver C2 (05) - Transports in Detail: DNS

9 minute read Published:

A post about Sliver's DNS C2 protocol. I'll show how to use beacons compiled with DNS C2 endpoints and briefly touch upon the kind of traffic they generate. In contrast to HTTP C2 traffic though, DNS C2 traffic looks clearly malicious and cannot be modified to make it stealthy. Thus, a very quick look shall suffice. To enable you to try out DNS C2 in a lab, there is also some info DNS server configuration.
Sliver C2 This post is part of a tutorial blog post series on Sliver C2 (v1.5.16). For an overview: click here. Introduction In very restricted environments, your target machine may be unable to establish connections to the Internet directly. The previous post 04 - Transports in Detail: HTTP and HTTPS was about Sliver’s HTTP-based C2 protocols, which may allow to get a C2 callback nevertheless if the target can send HTTP requests out via a proxy.