security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
d4bd69dd77bb77a896a9211c8d363928c3e220fd
blue-team-tools/rules
T
History
Nate Guagenti d4bd69dd77 Suspicious DNS Z Flag Set 
The DNS Z flag is bit within the DNS protocol header that is, per the IETF design, meant to be used reserved (unused). Although recently it has been used in DNSSec, the value being set to anything other than 0 should be rare. Otherwise if it is set to non 0 and DNSSec is being used, then excluding the legitimate domains is low effort and high reward.
references:
  - 'https://twitter.com/neu5ron/status/1346245602502443009'
  - 'https://tools.ietf.org/html/rfc2929#section-2.1'
  - 'https://www.netresec.com/?page=Blog&month=2021-01&post=Finding-Targeted-SUNBURST-Victims-with-pDNS'
2021-05-04 18:13:08 -04:00
..
application
Fixed my git issue
2020-09-13 22:03:04 -06:00
apt
fixing test runner issues
2020-09-15 15:45:33 -06:00
cloud
Merge branch 'oscd'
2021-03-02 22:58:41 +03:00
compliance
Fixed my git issue
2020-09-13 22:03:04 -06:00
generic
Fixed my git issue
2020-09-13 22:03:04 -06:00
linux
refactor: extended shellshock rule
2021-04-28 11:47:24 +02:00
network
Suspicious DNS Z Flag Set
2021-05-04 18:13:08 -04:00
proxy
Merge branch 'oscd'
2021-03-02 22:58:41 +03:00
web
Clean up: Webshell ReGeorg Detection
2021-04-05 13:01:10 -04:00
windows
Merge pull request #1430 from Scoubi/patch-1
2021-05-04 12:27:56 +02:00