DNS as a Remote Shell

This lab exercise is designed to allow the trainee to become familiar with recognizing remote shells that operate over well-known ports such as DNS.

Time: 1 hour
Difficulty: Intermediate

Overview

Introduction: The DNS as a Remote Shell lab is a premium Cybrary lab intended for students at the intermediate level. This lab teaches students how to open a packet capture (pcap) file in Wireshark, filter the traffic stream, and examine DNS traffic for potentially malicious activity. These tasks will help students learn to identify malicious traffic occurring on the network. This is important to the work roles of Cyber Defense Analyst, Cyber Defense Incident Responder, Law Enforcement/Counterintelligence Forensic Analyst, Network Operations Specialist, and System Administrator. Upon completion of this lab, the student will be able to use Wireshark to examine pcap files for potentially malicious activity.

Skill/Activity Breakdown: The DNS as a Remote Shell lab requires students to use Wireshark to perform packet-level analysis. This develops the skill of performing packet-level analysis using appropriate tools. This skill is important for the Law Enforcement/Counterintelligence Forensics Analyst work role.

The lab also requires users to examine DNS traffic for potentially malicious activity. This helps develop knowledge of network protocols. This skill is important for the Cyber Defense Analyst, Cyber Defense Incident Responder, and System Administrator work roles.

The DNS as a Remote Shell lab introduces using Wireshark to analyze packet capture files. The student will use Wireshark to open and analyze a previously captured pcap file. The student will learn to apply filters to packet captures to look for specific activity. A general DNS filter and filters for DNS source and destination traffic will be applied. The student will also learn how to follow a traffic stream to look for malicious activity. The student could extend this lab by installing Wireshark on a personal device to examine DNS traffic.
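As an added example that is not part of the lab or of Cybrary's material, the Python below carries out the same three steps programmatically over a constructed set of DNS queries: filtering by source and destination as the Wireshark dns/ip.src/ip.dst filters do, grouping each conversation as a stream, and flagging streams whose query labels look like encoded data rather than hostnames. The IP addresses, domain names and query types are all made up for the example.

```python
import math
from collections import Counter, defaultdict

# Constructed sample of rows a Wireshark "dns" display filter would show:
# (source IP, destination IP, query name, query type). Not from the lab's pcap.
SAMPLE_QUERIES = [
    ("10.0.0.5", "10.0.0.1", "www.example.com", "A"),
    ("10.0.0.5", "10.0.0.1", "mail.example.com", "MX"),
    ("10.0.0.7", "10.0.0.1", "cdn.example.org", "A"),
    # One host sending long, random-looking labels as TXT queries under one
    # parent domain: the pattern a DNS-based remote shell leaves behind.
    ("10.0.0.9", "10.0.0.1", "6a6f686e2e777373.tunnel-placeholder.test", "TXT"),
    ("10.0.0.9", "10.0.0.1", "zxk3m1pq9rta7vb0.tunnel-placeholder.test", "TXT"),
    ("10.0.0.9", "10.0.0.1", "uq8n2h7sfd3lwe1c.tunnel-placeholder.test", "TXT"),
    ("10.0.0.9", "10.0.0.1", "b4tl0v9xyk6mra2e.tunnel-placeholder.test", "TXT"),
]

def shannon_entropy(text):
    """Bits per character; hostnames score low, encoded data scores high."""
    if not text:
        return 0.0
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())

def filter_dns(queries, src=None, dst=None):
    """Equivalent of chaining Wireshark's dns, ip.src and ip.dst filters."""
    return [q for q in queries
            if (src is None or q[0] == src) and (dst is None or q[1] == dst)]

def stream_stats(queries):
    """Group per (src, dst) conversation (like 'Follow UDP Stream') and summarise it."""
    streams = defaultdict(list)
    for src, dst, qname, qtype in queries:
        streams[(src, dst)].append((qname, qtype))
    stats = {}
    for key, items in streams.items():
        labels = [qname.split(".")[0] for qname, _ in items]  # leftmost label
        stats[key] = {
            "mean_label_len": sum(map(len, labels)) / len(labels),
            "mean_entropy": sum(map(shannon_entropy, labels)) / len(labels),
            "txt_ratio": sum(t in ("TXT", "NULL") for _, t in items) / len(items),
        }
    return stats

def flag_suspicious(stats, min_label_len=12, min_entropy=3.0, min_txt_ratio=0.5):
    """Return the (src, dst) streams worth following by hand in Wireshark."""
    return sorted(key for key, s in stats.items()
                  if s["mean_label_len"] >= min_label_len
                  and s["mean_entropy"] >= min_entropy
                  and s["txt_ratio"] >= min_txt_ratio)
```

The thresholds are starting points: ordinary lookups such as www or mail have short, low-entropy leftmost labels and rarely use TXT or NULL records, so a stream that scores high on all three is the one to follow in Wireshark.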

By completing the DNS as a Remote Shell lab, the student will learn how to perform packet analysis in Wireshark, filter traffic, and examine a traffic stream. Learning these skills will help students differentiate between normal and malicious network traffic. This is important for many roles in cybersecurity.

Conclusion: The DNS as a Remote Shell lab is presented by Cybrary and was created by CYBRScore. This lab develops skill in understanding network protocols and performing packet-level analysis. This lab would be beneficial for students on the Become a Cyber Security Engineer, Become a Security Operations Center (SOC) Analyst, and Become a Network Engineer career paths. Completing the lab means the students can perform basic packet capture analysis using Wireshark and examine suspicious DNS traffic.

Click on the DNS as a Remote Shell lab to learn how to use Wireshark to examine a packet capture for suspicious DNS traffic.