Hello, welcome to the Tuesday, January 26, 2021 edition of the Sandton and Storm Center's Stormcast.

My name is Johannes Ulrich.

And then I'm recording from Jacksonville, Florida.

Rob today is writing about an NMAP NSE script that allows you to look for DNS over HDPS endpoints. About a week ago,

Guy did report about seeing scans for DNS over HDPS endpoints. And of course, the reason behind

these scans is that people set up their own private DNS over HDPS servers.

And in your corporate environment,

you probably want to make sure that if you have any servers like that,

that they are authorized.

And of course, just like when you're passively looking at DNS over HDPS

traffic, if you're scanning for these servers, well, they respond

just like any other HDPS server.

What Rob is doing here is sending an actual DNS over HGPS request to the most common

URLs used by these servers DNS dash query and then looking for an appropriate response.

DNS over HPS requests could either be sent in binary or JSON.

Common DNS over HPS servers do process both.

So for simplicity, Rob here is using the JSON variant of the queries. So this

should find anybody using standard off-the-shelf software to implement DNS over a GPS server.

But of course, attackers or malicious insiders for that matter could always set up a custom server that does not necessarily

follow these conventions. And software security company Sonatape got lucky again, and I guess

with that, also a number of Node.js developers got lucky by Sonathepe identifying three

different packages that contained additional malicious code.

...