Threat Hunting via DNS | SANS@MIC Talk

If you like what I do in hacking and want to support, I invite you to visit our store to buy cheap and exclusive nfts: https://mintable.app/u/cha0smagick



DNS logs are one of the most powerful threat hunting resources, but encryption is rapidly changing that equation.

Key DNS threat hunting techniques include detecting DNS tunneling and Domain Generation Algorithms (DGAs). It used to be simple(r): log DNS requests and responses on DNS forwarders, or sniff and analyze via tools like Zeek.

DNS over TLS (DoT) and DNS over HTTPS (DoH) are disrupting the status quo: where does that leave network defenders? This talk will analyze the current state of DNS monitoring, and provide actionable steps for detecting malice on your network via DNS.

Speaker Bio:
Certified SANS instructor Eric Conrad's career began in 1991 as a Unix sysadmin for a small oceanographic communications company. He gained experience in a variety of industries, including research, education, power, Internet, and healthcare, and has worked with companies such as Mitsubishi Electric Research Labs, Boston University, The Open Group, Navipath, and Caritas Christi Health Care. He is now an independent information security consultant focusing on intrusion detection, incident handling, and penetration testing. He is a graduate of the SANS Technology Institute with a Master of Science degree in information security engineering. In addition to the CISSP, he holds the prestigious GIAC Security Expert (GSE) certification as well as the GIAC GPEN, GCIH, GCIA, GCFA, GAWN, and GSEC certifications. He is a contributing author to SANS HIPAA Security Implementation. Eric also blogs about information security at http://www.ericconrad.com.



For more hacking info and tutorials visit: https://sectemple.blogspot.com/

Hello and welcome to the temple of cybersecurity. If you are looking for tutorials and all the news about the world of hacking and computer security, you have come to the right place. We invite you to subscribe to our newsletter in the box at the top and to follow us on our social networks:

Twitter: https://twitter.com/freakbizarro
Facebook: https://web.facebook.com/sectempleblogspotcom/
Discord: https://discord.gg/5SmaP39rdM

We also invite you to visit the other blogs in our network, where you can find something for every taste.
https://elantroposofista.blogspot.com/
https://gamingspeedrun.blogspot.com/
https://skatemutante.blogspot.com/
https://budoyartesmarciales.blogspot.com/
https://elrinconparanormal.blogspot.com/
https://freaktvseries.blogspot.com/

#hacking, #infosec, #tutorial, #bugbounty, #threathunting, #opensource, #pentest, #pentesting,

Comments