A Domain Name System (DNS) request is the starting point for nearly everything that happens on the internet, and so it comes as little surprise that threat actors leverage the DNS protocol. There are a number of ways that DNS is abused, including DNS amplification, which is used for distributed denial-of-service attacks, and DNS hijacking, which is used to redirect a benign DNS request to a malicious domain. More advanced, more targeted, and less frequently encountered in the wild is DNS exfiltration.  \r\n High throughput DNS tunneling vs. low throughput DNS exfiltration \r\n Although the basic technique used for both high throughput DNS tunneling and low throughput DNS exfiltration is broadly similar, there are significant differences between them. In terms of similarities, both use the DNS protocol to transfer data that is unrelated to the DNS query, which is accomplished by appending the additional data to the DNS request.…