In today's episode of "Can It Run Doom": DNS fucking TXT records.

Some absolute madlad (cough Adam Rice cough) compressed the entire shareware DOOM WAD, split it into around 1,964 chunks, shoved them into Cloudflare TXT records, and wrote a PowerShell script that reassembles and runs the whole goddamn game from DNS queries alone. Nothing touches disk. The DLLs are in DNS. THE FUCKING DLLS ARE IN DNS.

RFC 1035 was written in 1987. Those engineers are spinning in their graves fast enough to generate municipal power.

Bonus: this is a fully functional globally-distributed covert data exfil channel that your NGFW will never fucking see if you're not doing deep DNS inspection. Sleep well.

blog: https://blog.rice.is/post/doom-over-dns/

repo: https://github.com/resumex/doom-over-dns

Also lmao @ every blue team that has never once looked at their DNS query volume. How's that DLP policy working out for you.

It was always DNS.

#infosec #dns #doom #itisalwaysdns
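An added example, not from the post or the linked repo: a minimal detector for the pattern described above, one client fetching a large number of distinct TXT names under a single zone in a short time. The log format, the thresholds, and all names and addresses are constructed assumptions.

```python
from collections import Counter, defaultdict

def sample_log():
    """Constructed log lines: '<epoch> <client> <qtype> <qname>' (assumed format)."""
    lines = [f"{1000 + i // 50} 10.0.0.7 TXT chunk{i}.assets.example.net."
             for i in range(300)]          # one client pulling numbered chunks
    lines += [                             # ordinary background traffic
        "1000 10.0.0.9 TXT example.org.",
        "1001 10.0.0.9 TXT _dmarc.example.org.",
        "1002 10.0.0.9 A www.example.org.",
        "1003 10.0.0.7 A www.example.com.",
        "garbage line",                    # malformed input is skipped
    ]
    return lines

def parent_zone(qname, labels=2):
    """Naive parent zone: the last `labels` labels (a real deployment would
    use the Public Suffix List instead)."""
    return ".".join(qname.rstrip(".").lower().split(".")[-labels:])

def find_txt_bulk_fetch(lines, min_unique=100, window=60):
    """Return sorted (client, zone, peak) tuples where peak, the largest number
    of distinct TXT names one client requested under one zone within any
    `window` seconds, is at least `min_unique`."""
    events = defaultdict(list)
    for line in lines:
        fields = line.split()
        if len(fields) != 4 or not fields[0].isdigit():
            continue
        ts, client, qtype, qname = fields
        if qtype.upper() == "TXT":
            events[(client, parent_zone(qname))].append((int(ts), qname.lower()))
    hits = []
    for (client, zone), evs in events.items():
        evs.sort()
        seen, start, peak = Counter(), 0, 0
        for ts, name in evs:
            seen[name] += 1
            while evs[start][0] <= ts - window:   # evict events older than window
                old = evs[start][1]
                seen[old] -= 1
                if not seen[old]:
                    del seen[old]
                start += 1
            peak = max(peak, len(seen))
        if peak >= min_unique:
            hits.append((client, zone, peak))
    return sorted(hits)

if __name__ == "__main__":
    print(find_txt_bulk_fetch(sample_log()))
```

Counting distinct names rather than raw queries keeps repeated SPF or DMARC lookups from tripping the threshold.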

Rooting OpenWRT from the parking lot: I discovered an XSS in the OpenWRT SSID scan page that can be chained to remote root access 👾
Write-up and demo: https://mxsasha.eu/posts/openwrt-ssid-xss-to-root/
CVE-2026-32721, fixed in 24.10.6 / 25.12.1

The money is there, or was..
sigh

Don’t call it age verification. Call it centralised personal data collection. And understand that it serves surveillance, not safety for children. Thank you for your cooperation.

Does your ISP support IPv6?

Boosts welcome.

Yes
75.1%
No
24.9%

RE: https://infosec.exchange/@metacurity/116041591193461329

No joke, this will be the end of my discord use. I'm not giving them squat, and neither should anyone else.

Bring back real forums, get back on IRC.

whenever i do security audit work on site, there are two tools that always come with me these days, such are the times in which we live:

1) modified orbic hotspot running eff’s rayhunter, to flag stingray devices in proximity

2) tiny little esp32 running flock-you, the flock camera detector, so i can let folks know they are close by

https://www.eff.org/deeplinks/2025/03/meet-rayhunter-new-open-source-tool-eff-detect-cellular-spying

https://github.com/colonelpanichacks/flock-you

two little bits of gear running great open source projects that can expose the unseen risks that may be floating around out there

#infosec

RE: https://infosec.exchange/@SecurityWriter/115969540425890734

To build on what was said below, your whole online existence is essentially three things combined:

1 - Your email account or mail server where you can get password resets.
2 - DNS that protects the mail server from being impersonated.
3 - Your domain WWW server that can publish records that your domain registrar or certificate authority trusts when issuing certificates.

If you lose control of your email account or mail server, people can password reset their way into all of your accounts unless you have some strong second factor such as a security key. If you have a secondary email recovery account, that would be vulnerable. It could possibly be used to bypass your second factor.

If you lose control of your DNS server or your registrar account, then people can impersonate your services such as your web server or mail server for account recovery. A DNS attack could completely remove your existing servers and point traffic to malicious ones as well.

Finally, if you lose control of your web server, then it could be used to publish .well-known files used for identity verification with certificate authorities, spread malicious files, your imagination is the limit.

As you can see DNS and email are critical. Today everybody outsources their DNS and email. Choose how you manage these as if your identity, finances, and company depend on them.

Basically no one controls their own identities. By running your own email or DNS servers the third-party doctrine would not apply to you, and you would get notice that something was going on with law enforcement.