Document Type

Project

Lead Author Type

CIS Masters Student

Advisors

Dr. Andrew Kalafut, kalafuta@gvsu.edu

Embargo Period

3-8-2021

Keywords

DNS, Domain Name System, DoS, DoS Attack, Denial-Of-Service, Cybersecurity, Windows Server, Server 2016, Windows, Active Directory, Windows 10, Python, PowerShell, SysPrep, Vulnerability, CVE, CVSS, Microsoft, Hyper-V, VM, Virtual Machine, Dynamic RAM, Differencing Disk, Registry, TCP, UDP, Domain, SIGRed

Abstract

There has been a tremendous emphasis on cybersecurity in recent times in order to protect corporations from cybercriminals. One common attack that is often used by cybercriminals is a Denial-of-Service (DoS) attack. In 2015, a report concluded that over a 12-month period, the costs related to DoS attacks average around “$1.5 million” [1], and the average cost per attack was $349,800. The goal of this research was to exploit a Microsoft vulnerability that was published on July 14, 2020. The Microsoft vulnerability lies in the Windows Domain Name System (DNS) Server and affects all Windows Server versions. In order to exploit the vulnerability, an attacker could issue a malicious request to a vulnerable Windows DNS server.

A proof of concept (POC) was obtained, but in order to simulate the vulnerability, I first created an IT infrastructure. The infrastructure was created using Virtual Machines (VMs) on a computer running Windows Server 2016 Datacenter Edition. A new domain needed to be created by first setting up a domain controller that also acted as the primary DNS server (i.e., the target). PowerShell scripts were also created in order to facilitate the creation of additional VMs, including the attacker DNS server. Once the test environment was complete, the POC was successful, and I was able to compromise the DNS server based on the Microsoft vulnerability, SIGRed.
