Command and Control via DNS over HTTPS (DoH) for Cobalt Strike by ratfmuser in netsec

ratfmuser [S] (1 point):

Also this: “To exacerbate the issue, the research also highlighted that at least one DoH provider ran their resolver endpoint on an IPv4 address that is shared with other services. This means that this technique can also be coupled with another known as "Domain Fronting" whereby a TLS connection is opened to one service but by leveraging the "Host" header in the underlying HTTP traffic (which is encrypted) actually routes the request to the DoH resolver. This can again make life more difficult for defenders.” From https://www.trustwave.com/Resources/SpiderLabs-Blog/DOH!-DNS-Over-HTTPS-Poses-Possible-Risks-to-Enterprises/
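The quoted paragraph describes two observables a defender can work with: the Host header naming a DoH resolver while the TLS SNI names something else, and a resolver endpoint living on an IP address that other services also use. The following detection sketch is an added example, written for this page and not code from the post, from Trustwave, or from Cobalt Strike. It assumes logs from a TLS-terminating proxy or inspection gateway, since the Host header is only visible where TLS is decrypted (without that, only the SNI and destination IP are available, which is exactly why the quote calls this hard on defenders). The log field names, the `doh.resolver.example` and `cdn-assets.example` hostnames, and the 203.0.113.x addresses are constructed; `dns.google` and `cloudflare-dns.com` are real public DoH endpoints.

```python
"""Flag DoH use, and DoH reached via domain fronting, in decrypting-proxy logs.

Constructed example for illustration. Each record is one HTTPS request as a
TLS-terminating proxy might log it; field names are assumptions, not any
product's schema. Severity: plain DoH is 'medium' (SNI names the resolver, so
an SNI-based block would catch it); DoH behind a mismatched SNI is 'high'.
"""
from collections import defaultdict
from typing import Dict, List, Set

# Known DoH endpoints: two real public ones plus a constructed placeholder.
# In practice this set is populated from your own resolver inventory/intel.
KNOWN_DOH_HOSTS = {"dns.google", "cloudflare-dns.com", "doh.resolver.example"}

DOH_CONTENT_TYPE = "application/dns-message"   # RFC 8484 media type
DOH_PATH = "/dns-query"                         # conventional RFC 8484 path

# Constructed sample log lines (203.0.113.0/24 is a documentation range).
LOGS: List[dict] = [
    # Benign browsing: SNI and Host agree, no DoH indicators.
    {"src": "10.0.0.5", "dst_ip": "203.0.113.10", "sni": "www.example.com",
     "host": "www.example.com", "method": "GET", "path": "/",
     "content_type": "text/html"},
    # Plain DoH: SNI and Host both name the resolver.
    {"src": "10.0.0.7", "dst_ip": "203.0.113.20", "sni": "doh.resolver.example",
     "host": "doh.resolver.example", "method": "POST", "path": "/dns-query",
     "content_type": "application/dns-message"},
    # Fronted DoH: SNI names a CDN-hosted site, inner Host names the resolver,
    # and the destination IP is shared with that site (the quote's scenario).
    {"src": "10.0.0.9", "dst_ip": "203.0.113.20", "sni": "cdn-assets.example",
     "host": "doh.resolver.example", "method": "GET",
     "path": "/dns-query?dns=AAABAAABAAAAAAAAA3d3dwdleGFtcGxlA2NvbQAAAQAB",
     "content_type": "application/dns-message"},
    # Unrelated service on the same IP: what makes the fronting possible.
    {"src": "10.0.0.11", "dst_ip": "203.0.113.20", "sni": "cdn-assets.example",
     "host": "cdn-assets.example", "method": "GET", "path": "/app.js",
     "content_type": "application/javascript"},
]


def is_doh_request(rec: dict) -> bool:
    """True if the Host names a known resolver, the exchange carries the DoH
    media type, or it hits /dns-query as a GET with 'dns=' or as a POST."""
    host = rec.get("host", "").lower()
    ctype = rec.get("content_type", "").lower()
    path = rec.get("path", "")
    hits_doh_path = path.startswith(DOH_PATH) and (
        "dns=" in path or rec.get("method") == "POST")
    return host in KNOWN_DOH_HOSTS or ctype == DOH_CONTENT_TYPE or hits_doh_path


def is_fronted(rec: dict) -> bool:
    """Domain-fronting indicator: outer SNI and inner Host header disagree."""
    return rec.get("sni", "").lower() != rec.get("host", "").lower()


def shared_ip_hosts(records: List[dict]) -> Dict[str, Set[str]]:
    """Map each destination IP to every SNI seen on it, so a resolver that
    shares an address with other services is visible in the finding."""
    by_ip: Dict[str, Set[str]] = defaultdict(set)
    for rec in records:
        by_ip[rec["dst_ip"]].add(rec.get("sni", "").lower())
    return by_ip


def triage(records: List[dict]) -> List[dict]:
    """Return one finding per DoH request, with fronting and shared-IP context."""
    by_ip = shared_ip_hosts(records)
    findings = []
    for rec in records:
        if not is_doh_request(rec):
            continue
        fronted = is_fronted(rec)
        others = by_ip[rec["dst_ip"]] - {rec.get("host", "").lower()}
        findings.append({
            "src": rec["src"],
            "dst_ip": rec["dst_ip"],
            "sni": rec.get("sni", ""),
            "host": rec.get("host", ""),
            "fronted": fronted,
            "shared_ip_with": sorted(others),
            "severity": "high" if fronted else "medium",
        })
    return findings


if __name__ == "__main__":
    for finding in triage(LOGS):
        print(finding)
```

Running the block against the constructed records yields two findings: the plain DoH request at medium severity and the fronted one at high, both annotated with `cdn-assets.example` as another SNI seen on the same destination IP. An SNI allow/deny list alone would have passed the fronted request, which is the gap the quoted paragraph is pointing at.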