Ways to use Passive DNS: Penetration Tester
August 13, 2018
Passive DNS has the potential to assist various IT security roles, including Penetration Testers. Take a look at the highlights below to get a clear understanding of how Passive DNS can provide you with deeper insights into the security of the networks you are evaluating.
Search for all the DNS records relating to the subnets of the domain you are investigating to see what functions the servers are being used for. Things to look out for:
- A host named “firewall.yourcustomerdomain.com” suggests a high likelihood that this is the firewall, which lets you select the testing tools relevant to this type of host.
- A host named “webdevel.anothersite.com” is likely to be a host used for development, and could yield some interesting penetration testing results.
- Look for any IP addresses running live versions of outdated software – this has the potential to increase the attack surface.
Using the information gathered in the above steps, you may uncover subnets that are part of the infrastructure and of interest to you, but that you weren’t aware of. Use Passive DNS to drill down into the newly discovered networks.
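The review described above can be scripted. The following is an added example, not code from the original post: it groups passive DNS address records by subnet, attaches a function hint taken from each host name, and marks subnets that are missing from the list of networks you were given. The records are constructed, the `rrname`/`rrtype`/`rdata` field names follow the Passive DNS Common Output Format, and the `ROLE_HINTS` keywords and the /24 and /64 bucket sizes are assumptions.

```python
import ipaddress
import json
from collections import defaultdict

# Constructed sample records, one JSON object per line (documentation IP ranges).
SAMPLE_RECORDS = """
{"rrname": "firewall.yourcustomerdomain.example.", "rrtype": "A", "rdata": "192.0.2.1"}
{"rrname": "www.yourcustomerdomain.example.", "rrtype": "A", "rdata": "192.0.2.10"}
{"rrname": "webdevel.yourcustomerdomain.example.", "rrtype": "A", "rdata": "198.51.100.25"}
{"rrname": "yourcustomerdomain.example.", "rrtype": "MX", "rdata": "10 mail.yourcustomerdomain.example."}
{"rrname": "vpn.yourcustomerdomain.example.", "rrtype": "A", "rdata": "198.51.100.30"}
"""

# Hypothetical keyword-to-function hints; adjust to the naming scheme in use.
ROLE_HINTS = {"firewall": "perimeter device", "vpn": "remote access", "www": "web",
              "devel": "development", "test": "development", "mail": "mail"}

def role_hint(rrname):
    """Guess a host's function from the first label of its name."""
    label = rrname.rstrip(".").split(".")[0].lower()
    return next((role for kw, role in ROLE_HINTS.items() if kw in label), "unknown")

def review(records_text, known_subnets):
    """Group address records by subnet and mark subnets absent from the scope list."""
    known = [ipaddress.ip_network(n) for n in known_subnets]
    report = defaultdict(lambda: {"in_scope_list": False, "hosts": []})
    for line in records_text.strip().splitlines():
        rec = json.loads(line)
        if rec["rrtype"] not in ("A", "AAAA"):
            continue  # only address records tie a name to a subnet
        addr = ipaddress.ip_address(rec["rdata"])
        match = next((n for n in known if addr in n), None)
        if match is None:
            # Assumed bucket size for unlisted addresses: /24 (IPv4) or /64 (IPv6).
            bits = 24 if addr.version == 4 else 64
            subnet = ipaddress.ip_network(f"{addr}/{bits}", strict=False)
        else:
            subnet = match
        entry = report[str(subnet)]
        entry["in_scope_list"] = match is not None
        entry["hosts"].append((rec["rrname"].rstrip("."), str(addr), role_hint(rec["rrname"])))
    return dict(report)

if __name__ == "__main__":
    for subnet, info in review(SAMPLE_RECORDS, ["192.0.2.0/24"]).items():
        status = "listed" if info["in_scope_list"] else "not listed: confirm scope first"
        print(f"{subnet} ({status})")
        for name, addr, role in info["hosts"]:
            print(f"  {addr:15} {name} [{role}]")
```

Passive DNS records are historical observations, so a name-to-address mapping found this way should be checked against current resolution and the agreed scope before it is relied on.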