The Defender’s Log Podcast

Inside the DNS Battlefield: Malware, Tunnels & the Future of Network Defense



Attackers are getting smarter—and the protocol they rely on most isn’t what you think.

In this powerful conversation, David Redekop and Johannes Weber break down how modern malware abuses DNS, why attackers prefer DNS tunneling and exfiltration, and the defensive strategies every organization needs in 2026.

Johannes brings decades of hands‑on experience as a network security specialist, consultant, packet analyst, and educator. Together, they trace the full threat landscape around DNS and explore the evolving tools, behaviors, and techniques shaping the defender’s playbook.


⏱️ Chapters & Key Moments

00:00 – Why 90% of malware still depends on DNS

01:00 – A fun start: German names, dual identities & cultural overlaps

03:00 – Johannes’ origin story: LAN parties → network engineer → security consultant

06:00 – You don’t need to code to thrive in network security

07:00 – DNS basics: recursive resolvers vs. authoritative servers

08:00 – How attackers abuse DNS “as designed”

10:30 – Lookalike domains & deceptive URL patterns

11:00 – DGAs (Domain Generation Algorithms) explained

12:00 – Newly registered vs. newly observed domains

14:00 – Aging domains & reputation‑based defense

15:00 – DNS exfiltration: how attackers sneak data out

16:00 – Step‑by‑step breakdown of DNS exfiltration

18:00 – DNS tunneling: when attackers turn DNS into a VPN

19:00 – Why signature‑based defenses fail

21:00 – Deep Query Inspection & entropy analysis

22:00 – Where DNS security belongs in your architecture

24:00 – TXT, NULL, A/AAAA abuse & blocking strategies

27:00 – DNS spoofing & cache poisoning

30:00 – DNSSEC: authentication vs. confidentiality

33:00 – DoH/DoT: privacy vs. visibility

36:00 – TLS interception & enterprise tradeoffs

39:00 – Securing roaming users in a VPN‑less world

41:00 – What Pi‑hole solves at home (and what it won’t)

43:00 – Johannes’ favorite tools: DNSViz, DNSDiag, DNSPing

44:30 – The Ultimate PCAP collection (15 years, 90+ protocols)

46:00 – Why Johannes teaches — and the next generation of defenders

48:00 – Closing thoughts & community resources


🛠️ Mentioned Tools & Resources

DNSViz – DNS trust visualization

DNSDiag / DNSPing – Resolver latency + diagnostic toolkit

Iodine / DNScat2 / DNS‑tunnel tools – Examples of DNS tunneling tech

Ultimate PCAP Collection (Johannes’ blog) – 15 years of protocols for Wireshark training


If this helped sharpen your defender instincts:

👍 Like this video to support the channel

🔔 Subscribe for more real‑world security insights

💬 Share your biggest DNS takeaway in the comments

🔗 Send this episode to a teammate or friend who works in network security


Together, we make the internet harder to attack — and easier to defend.

#CyberSecurity #DNS #DNSSecurity #MalwareAnalysis #DNSExfiltration #DNSTunneling #DNSSEC #DOH #NetworkDefense #PacketAnalysis #Infosec #SecurityPodcast #BlueTeam


The Defender’s Log Podcast, by David Redekop