In today's episode of "Can It Run Doom": DNS fucking TXT records.

Some absolute madlad (cough Adam Rice cough) compressed the entire shareware DOOM WAD, split it into around 1,964 chunks, shoved them into Cloudflare TXT records, and wrote a PowerShell script that reassembles and runs the whole goddamn game from DNS queries alone. Nothing touches disk. The DLLs are in DNS. THE FUCKING DLLS ARE IN DNS.

RFC 1035 was written in 1987. Those engineers are spinning in their graves fast enough to generate municipal power.

Bonus: this is a fully functional globally-distributed covert data exfil channel that your NGFW will never fucking see if you're not doing deep DNS inspection. Sleep well.

blog: https://blog.rice.is/post/doom-over-dns/

repo: https://github.com/resumex/doom-over-dns

Also lmao @ every blue team that has never once looked at their DNS query volume. How's that DLP policy working out for you.

It was always DNS.

#infosec #dns #doom #itisalwaysdns

Just so we're clear -- the law Israel just passed mandating death by hanging for Palestinians is apartheid.

It. Is. Apartheid.

Israel does not punish Israelis who kill Palestinians. Instead, Israel has illegally detained more than 10,000 Palestinians, including 1000 children, without charge or conviction. These are hostages held without access to counsel in concentration camps.

This. Is. Apartheid. Any politician or journalist who cannot acknowledge that is complicit. Period.

#PSA: posting photos and videos of your kids online ensures they'll never be able to meaningfully opt out of privacy invasion.

80% of children have an online presence by age two, with parents sharing an average of 1,500 images before their fifth birthday. —2017, Northumbria University

By the age of 13, children have had an average of 1,300 photos and videos of themselves posted to social media by their parents. —2018, UK Children's Commissioner

#Privacy #DataPrivacy