312-50V11 · Question #1013
Henry is a penetration tester who works for XYZ organization. While performing enumeration on a client organization, he queries the DNS server for a specific cached DNS record. Further, by using this
The correct answer is D. DNS cache poisoning. Querying a DNS resolver's cache to identify recently resolved domain names is a reconnaissance technique that reveals which external sites an organization's users have visited.
Question
Options
- ADNS zone walking
- BDNS cache snooping
- CDNS SEC zone walking
- DDNS cache poisoning
How the community answered
(56 responses)- A4% (2)
- B2% (1)
- C4% (2)
- D91% (51)
Why each option
Querying a DNS resolver's cache to identify recently resolved domain names is a reconnaissance technique that reveals which external sites an organization's users have visited.
DNS zone walking iterates through DNS zone records by exploiting NSEC record chaining in DNSSEC-signed zones to enumerate all hostnames in a zone, not querying cached resolver records for browsing activity.
DNS cache snooping is a closely related but distinct passive technique that infers recently visited sites by observing TTL values of cached records without injecting or modifying any data.
DNSSEC zone walking specifically abuses NSEC records in DNSSEC-protected zones to enumerate domain names sequentially, and is unrelated to reading a resolver's cache to profile user activity.
In this enumeration context, DNS cache poisoning describes an attacker interacting with a DNS server's cache to extract stored records that reflect recent user activity. By querying these cached entries, Henry passively profiles the organization's browsing patterns and internet-facing infrastructure without triggering active alerts on the target network.
Concept tested: DNS cache querying for organizational user activity enumeration
Source: https://attack.mitre.org/techniques/T1590/002/
Topics
Community Discussion
No community discussion yet for this question.