by KyleJ61782
2435 days ago
That was already a possibility even before all of this DoH publicity. Mozilla, etc. pushing DoH publicizes its availability, but there was nothing in the past preventing malware from tunneling all sorts of traffic over HTTPS. DNS inspection isn't an end-all, be-all for malware security. It just gets the low-hanging fruit.

And even when they did, creating various C&C servers, the lack of ESNI would allow for detecting activity once the daily domain creation algorithm was reverse-engineered:
* https://blog.malwarebytes.com/security-world/2016/12/explain...
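
The detection idea in the comment above, as an added example that is not part of the original thread: without ESNI the TLS server name is sent in cleartext, so a sensor can match observed SNI values against the domains a reverse-engineered daily algorithm predicts. The generator, seed, `.example` TLD, log format and sample lines are all constructed stand-ins, not taken from any real malware family.

```python
import hashlib
from datetime import date, timedelta

def predicted_domains(day, seed=b"constructed-seed", count=5, tld=".example"):
    """Hypothetical stand-in for a reverse-engineered daily domain algorithm."""
    out = set()
    for i in range(count):
        digest = hashlib.sha256(seed + day.isoformat().encode() + bytes([i])).hexdigest()
        # Map the first 12 hex digits onto the letters a-p to form a label.
        out.add("".join(chr(ord("a") + int(c, 16)) for c in digest[:12]) + tld)
    return out

def watchlist(day, skew_days=1):
    """Predicted names for day +/- skew; infected hosts may have wrong clocks."""
    names = {}
    for off in range(-skew_days, skew_days + 1):
        d = day + timedelta(days=off)
        for name in predicted_domains(d):
            names[name] = d
    return names

def parse_sni_line(line):
    """Parse 'timestamp client_ip sni' (constructed sensor log format)."""
    parts = line.split()
    if len(parts) != 3:
        return None  # skip malformed records instead of raising
    ts, client, sni = parts
    # Normalise case and a trailing root dot before comparing.
    return ts, client, sni.rstrip(".").lower()

def flag_hits(lines, day):
    """Return (client_ip, sni, generation_date) for each watchlist match."""
    wl = watchlist(day)
    hits = []
    for line in lines:
        rec = parse_sni_line(line)
        if rec and rec[2] in wl:
            hits.append((rec[1], rec[2], wl[rec[2]]))
    return hits

DAY = date(2019, 9, 10)  # constructed observation date
TODAY_NAME = sorted(predicted_domains(DAY))[0]
YDAY_NAME = sorted(predicted_domains(DAY - timedelta(days=1)))[0]
SAMPLE = [  # constructed log lines
    "2019-09-10T08:01:02Z 10.0.0.5 www.mozilla.org",
    f"2019-09-10T08:01:09Z 10.0.0.7 {TODAY_NAME.upper()}.",
    f"2019-09-10T08:02:30Z 10.0.0.9 {YDAY_NAME}",
    "malformed line",
]

if __name__ == "__main__":
    for client, sni, gen_day in flag_hits(SAMPLE, DAY):
        print(client, sni, gen_day)
```

The generation date in each hit shows whether a client is using the current day's names or lagging by a day, which helps separate clock skew from stale infections.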