DNS threat hunting | SANSMIC Talk


DNS protocols are one of the most effective resources for hunting for threats, but encryption is rapidly changing that equation.

Key DNS threat hunting techniques include detecting DNS tunneling and Domain Generation Algorithms (DGAs). It used to be simpler: log DNS requests and responses on your DNS forwarders, or capture and analyze them with tools like Zeek.
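As an added example (not part of the talk), here is a small Python hunt over Zeek dns.log records that applies the two heuristics just named: DGA-like names (long, high-entropy, vowel-poor registrable labels, often answered NXDOMAIN) and tunneling-style queries (long subdomains or data-friendly record types). The thresholds, the sample records and the reduced set of dns.log columns are assumptions made for this example; real dns.log files carry more fields, which the header-driven parser handles unchanged.

```python
import math
from collections import Counter

# Constructed sample in Zeek dns.log TSV layout (reduced field set); made-up records, not captured traffic.
SAMPLE_DNS_LOG = """#fields\tts\tid.orig_h\tquery\tqtype_name\trcode_name
1700000000.1\t10.0.0.5\twww.example.com\tA\tNOERROR
1700000000.2\t10.0.0.5\tkq3x9vz1pmr7t2wd.com\tA\tNXDOMAIN
1700000000.3\t10.0.0.7\t4d6172636f2d706f6c6f2d646174612d31.x.evil-tunnel.test\tTXT\tNOERROR
1700000000.4\t10.0.0.5\tmail.google.com\tA\tNOERROR
"""

def shannon_entropy(s):
    """Bits of entropy per character; random-looking DGA labels score high."""
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())

def parse_zeek_dns(text):
    """Yield one dict per record, taking column names from the #fields header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line and not line.startswith("#"):
            yield dict(zip(fields, line.split("\t")))

def score_query(query, qtype, rcode):
    """Heuristic reasons a query looks like DGA or tunneling traffic (assumed thresholds)."""
    labels = query.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return []
    sld = labels[-2]             # registrable label (naive: no public suffix list)
    sub = ".".join(labels[:-2])  # data-carrying part for a tunnel
    reasons = []
    if len(sld) >= 12 and shannon_entropy(sld) > 3.5 and sum(ch in "aeiou" for ch in sld) / len(sld) < 0.3:
        reasons.append("dga-like-sld")    # long, high-entropy, vowel-poor label
    if rcode == "NXDOMAIN":
        reasons.append("nxdomain")        # DGA clients query many unregistered names
    if len(sub) >= 30 or len(labels) > 5:
        reasons.append("long-subdomain")  # tunnels encode data in subdomain labels
    if qtype in ("TXT", "NULL") and sub:
        reasons.append("tunnel-friendly-qtype")
    return reasons

def hunt(text):
    flagged = []  # one entry per suspicious record, with the client for triage
    for rec in parse_zeek_dns(text):
        reasons = score_query(rec["query"], rec["qtype_name"], rec["rcode_name"])
        if reasons:
            flagged.append({"client": rec["id.orig_h"], "query": rec["query"], "reasons": reasons})
    return flagged
```

Run `hunt(SAMPLE_DNS_LOG)` and the two benign lookups pass while the DGA-like name and the hex-encoded TXT query are flagged with their reasons; in practice you would aggregate the NXDOMAIN and long-subdomain counts per client over time rather than alert on single records.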

DNS over TLS (DoT) and DNS over HTTPS (DoH) are disrupting the status quo: what does this mean for network defenders? This talk analyzes the current state of DNS monitoring and describes practical steps to detect malware on your network via DNS.

Speaker biography:
Certified SANS Instructor Eric Conrad's career began in 1991 as a Unix systems administrator for a small oceanographic communications company. He has gained experience in a variety of industries, including research, education, energy, Internet, and healthcare, working with companies such as Mitsubishi Electric Research Labs, Boston University, The Open Group, Navipath, and Caritas Christi Health Care. Today, he is an independent information security consultant focusing on intrusion detection, incident response, and penetration testing. He is a graduate of the SANS Technology Institute with a Master of Science in Information Security Engineering. In addition to the CISSP, he holds the prestigious GIAC Security Expert (GSE) certification, as well as the GIAC GPEN, GCIH, GCIA, GCFA, GAWN, and GSEC certifications. He is the co-author of SANS HIPAA Security Implementation. Eric also blogs about information security at http://www.ericconrad.com.

About SANS:
SANS is the most trusted and by far the largest source of information security training and security certifications in the world. In addition, the company develops, maintains and makes available free of charge the largest collection of research documents on various aspects of information security and operates the Internet's early warning system – the Internet Storm Center.
