dns-sd

Created by Brendan Chamberlain (@infosecB)

Description

dns-sd can be used to interact with the Multicast DNS (mDNS) and DNS Service Discovery (DNS-SD) protocols. The tool is useful for administrators but can also be abused by malicious actors to discover local network services.

Created	Tactics	Tags
2023-05-19	Discovery	network

Paths

/usr/bin/dns-sd

Use Cases

Discover SSH hosts

Hosts serving SSH can be discovered using the _ssh._tcp service string.

dns-sd -B _ssh._tcp

Discover web hosts

Hosts serving web services can be discovered using the _http._tcp service string.

dns-sd -B _http._tcp

Hosts serving remote screen sharing can be discovered using the _rfb._tcp service string.

dns-sd -B _rfb._tcp

Discover hosts serving SMB

Hosts serving SMB can be discovered using the _smb._tcp service string.

dns-sd -B _smb._tcp

Detections

Jamf Protect: Detect dns-sd discovery activity

Resources

What does APT Activity Look Like on macOS?
mDNS / Bonjour Bible - List of Common Service Strings for various vendors

Acknowledgements

Chris Ross, Cedric Owens: Farming The Apple Orchards: Living Off The Land Techniques

dns-sd #

Description ##

Paths ##

Use Cases ##

Discover SSH hosts ##

Discover web hosts ##

Discover hosts serving remote screen sharing ##

Discover hosts serving SMB ##

Detections ##

Resources ##

Acknowledgements ##