dns-cache-detection
Community skill: Detect DNS cache threats with TTL analysis.
Author: chenchunrun
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
Detects DNS cache threats inside enterprise networks by cache snooping: it sends queries to the internal resolver with the recursion-desired flag cleared (RD=0), so the resolver answers only from its cache and never forwards the lookup, then compares the TTL in any answer against the domain's authoritative TTL. A cached hit for a watched domain means a client on the network resolved it recently (roughly authoritative TTL minus observed TTL seconds ago), which can indicate C2 activity.
Core Features & Use Cases
- Lightweight threat detection against internal DNS servers that requires no access to resolver logs; only query access is needed.
- Detects potential C2 beaconing and access to known-malicious domains through TTL-based cache snooping.
- Real-world use: continuous monitoring of corporate DNS caches to surface suspicious domain activity and trigger alerts.
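The RD=0 probe and TTL comparison described above, written out as an added example. This is not code from the dns-cache-detection skill itself; it uses only the Python standard library instead of dnspython so the wire-level detail (the RD bit, the answer-section TTL) is visible, and the function names, the constructed response bytes and the watched domain are assumptions for illustration.

```python
"""DNS cache snooping: RD=0 probe plus TTL analysis (stdlib only).

Added example, not part of the dns-cache-detection skill's own scripts.
Function names and sample data below are illustrative assumptions.
"""
import secrets
import socket
import struct


def build_rd0_query(name: str, txid: int, qtype: int = 1) -> bytes:
    """Build a DNS query for `name` (A record by default) with RD=0.

    With RD cleared a standards-compliant resolver must not recurse
    (RFC 1035 section 4.1.1), so any answer RRs it returns can only have
    come from its cache, and the probe itself does not populate the cache.
    """
    flags = 0x0000  # QR=0, Opcode=QUERY, RD=0
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QCLASS=IN


def _skip_name(data: bytes, offset: int) -> int:
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = data[offset]
        if length == 0:
            return offset + 1
        if length & 0xC0 == 0xC0:  # compression pointer: 2 bytes, ends the name
            return offset + 2
        offset += 1 + length


def parse_answer_ttls(resp: bytes) -> tuple[int, list[int]]:
    """Return (rcode, [TTL of each answer RR]) from a raw DNS response."""
    _txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    rcode = flags & 0x000F
    off = 12
    for _ in range(qd):
        off = _skip_name(resp, off) + 4  # skip QTYPE + QCLASS
    ttls = []
    for _ in range(an):
        off = _skip_name(resp, off)
        _rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", resp[off:off + 10])
        ttls.append(ttl)
        off += 10 + rdlen
    return rcode, ttls


def classify_probe(rcode: int, ttls: list[int], authoritative_ttl: int) -> dict:
    """Interpret an RD=0 probe result.

    No answer RRs: the name is not in the cache (or the resolver refused the
    non-recursive query; check rcode). Answer RRs with a TTL below the
    authoritative TTL: a client resolved the name about
    (authoritative_ttl - ttl) seconds ago.
    """
    if not ttls:
        return {"cached": False, "rcode": rcode, "age_seconds": None}
    ttl = min(ttls)
    return {
        "cached": True,
        "rcode": rcode,
        "ttl": ttl,
        "age_seconds": max(authoritative_ttl - ttl, 0),
    }


def probe(resolver: str, name: str, authoritative_ttl: int, timeout: float = 2.0) -> dict:
    """Send one RD=0 probe over UDP to `resolver` and classify the reply."""
    txid = secrets.randbits(16)
    query = build_rd0_query(name, txid)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (resolver, 53))
        resp, _ = s.recvfrom(4096)
    if struct.unpack("!H", resp[:2])[0] != txid:
        raise ValueError("transaction id mismatch; discarding reply")
    rcode, ttls = parse_answer_ttls(resp)
    return classify_probe(rcode, ttls, authoritative_ttl)


if __name__ == "__main__":
    import sys
    # usage: python snoop.py <resolver-ip> <domain> <authoritative-ttl>
    print(probe(sys.argv[1], sys.argv[2], int(sys.argv[3])))
```

The age estimate is only as good as the authoritative TTL you feed in, so keep that value per watched domain (it is what the TTL difference is measured against). Some resolvers answer RD=0 queries with REFUSED or an empty answer regardless of cache state, which shows up here as `cached: False` with a non-zero rcode; treat that as "no visibility" rather than "clean".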
Quick Start
Run the V2 quick-detection pipeline against your enterprise DNS using the provided config_soe.yaml.
Dependency Matrix
Required Modules
dnspython, pyyaml, requests
Components
scripts, references
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: dns-cache-detection Download link: https://github.com/chenchunrun/onyx-soc/archive/main.zip#dns-cache-detection Please download this .zip file, extract it, and install it in the .claude/skills/ directory.