I’m trying to create a detection for the dnsrecon using the following command.
dnsrecon -d sampledomain
I have been trying to find out common content in the query and response packets captured through wireshark but no luck until now.
Can anyone suggest any leads on what to do in this case?
Any leads would be appreciated.