Intro

Doing exfiltration over DNS isn’t a new concept, but recently lots of people have been jumping on the DNS-over-HTTP(s)[3] bandwagon, which adds an interesting new layer to an existing TTP. This blog post simply aims to prove its possibility. We’re going to start with existing code: a DoH server and client written by Star Brilliant[1]. This server and client are set up in a way that makes for easy testing, in that they allow the traffic to pass through.