DNS Channel and Temporal Agents with Core Impact

January 12, 2018


[[{"fid":"4864","view_mode":"default","fields":{"format":"default","field_file_image_alt_text[und][0][value]":false,"field_file_image_title_text[und][0][value]":false,"alignment":""},"link_text":null,"type":"media","field_deltas":{"1":{"format":"default","field_file_image_alt_text[und][0][value]":false,"field_file_image_title_text[und][0][value]":false}},"attributes":{"class":"media-element file-default","data-delta":"1"}}]]

In this video, we show how to set up a temporal agent using the DNS communication channel.

In order to mimic a client-side attack against a victim inside our restricted network, we'll use the "Server Agent in Web Server" module.

After selecting the proper architecture, we'll choose "DNS channel" as the communication mechanism for the agent.

As you can see, the only required configuration after selecting the use of "DNS channel" is the domain we'll use for it. In this case, we'll use "attacker.com".

Finally, before finishing with the module we'll select the expiration date for the agent. In this case, it will be Oct 20th.


We'll then mimic a user falling into a client-side attack by downloading and executing our packed agent.

After a few seconds, you'll see the agent connecting back to Impact's console and using the DNS channel. All communications are being handled using DNS traffic, as we have a fully functional agent installed inside our restricted network.

  • Penetration testing

Ready for a Demo?

Eliminate identity-related breaches with SecureAuth!