Evaluate your Perimeter Security against Data Exfiltration
A typical insider data breach might go like this: the attacker registers a new, unused domain, sets up a custom DNS name server under their control, and allows the domain to be passively categorised as benign. During the zero-hour window, before threat intelligence feeds catch on, the insider begins encoding and transmitting sensitive data through outbound DNS queries. The organisation sees only routine DNS traffic, while critical data is siphoned off—undetected, unlogged, and uninterrupted.
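A defender-side view of the traffic described above, as an added example that is not part of the original page: it scans resolver logs for zones that receive many distinct query names carrying long, high-entropy labels. The log format, the zone exfil-sim.example, the thresholds and the naive last-two-labels zone split are assumptions made for illustration.

```python
import math
from collections import Counter, defaultdict

B32 = "abcdefghijklmnopqrstuvwxyz234567"

# Constructed sample resolver log as (client, query name) pairs; not real traffic.
# The last 12 entries imitate encoded payload labels under one rarely seen zone.
SAMPLE_LOG = [
    ("10.0.0.5", "www.example.com"),
    ("10.0.0.5", "mail.example.com"),
    ("10.0.0.7", "cdn.static.example.net"),
] + [
    ("10.0.0.9", "".join(B32[(7 * i + 11 * j) % 32] for j in range(40))
     + ".t.exfil-sim.example")
    for i in range(12)
]


def shannon_entropy(text):
    """Bits per character of the label's empirical character distribution."""
    counts = Counter(text)
    return -sum(n / len(text) * math.log2(n / len(text)) for n in counts.values())


def split_zone(name):
    """Naive split into (subdomain labels, parent zone) using the last two labels.
    Assumption for brevity: real deployments should use the Public Suffix List."""
    labels = name.lower().rstrip(".").split(".")
    return labels[:-2], ".".join(labels[-2:])


def find_tunnel_suspects(log, min_len=30, min_entropy=3.0, min_unique=10):
    """Flag zones receiving many distinct names whose labels look like encoded data."""
    names = defaultdict(set)      # zone -> distinct query names
    encoded = defaultdict(set)    # zone -> names with a long, high-entropy label
    clients = defaultdict(set)    # zone -> source hosts
    for client, name in log:
        sub, zone = split_zone(name)
        names[zone].add(name)
        clients[zone].add(client)
        longest = max(sub, key=len, default="")
        if len(longest) >= min_len and shannon_entropy(longest) >= min_entropy:
            encoded[zone].add(name)
    return [
        (zone, len(encoded[zone]), sorted(clients[zone]))
        for zone in sorted(names)
        if len(encoded[zone]) >= min_unique
    ]
```

Because this heuristic looks at query shape rather than domain reputation, it still applies during the window in which a newly registered domain is categorised as benign; the thresholds are starting points to tune against your own DNS baseline.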
DNS Tunneling Simulation
Simulation Instructions
Before testing, ensure your SWG and DLP controls are fully enforced on swgaudit.com, including DNS inspection and outbound content policies. This simulation uploads a file using DNS tunnelling, mimicking stealth exfiltration. The file is deleted from the server after 10 minutes.
If no data is received, or transmission is disrupted mid-way, your perimeter security has passed.
If the full file is exfiltrated, your perimeter security has failed.