Detecting DNS Anomalies with Statistics - Jamie Buening (Circle City Con 2017 Videos) (Hacking Illustrated Series InfoSec Tutorial Videos)

Detecting DNS Anomalies with Statistics
Jamie Buening

JamieBuening
Circle City Con 2017

Defending against attackers has become increasingly difficult. Solutions using signature-based detection such as IPS and anti-virus are still needed, but no longer prevent all malware or virus infections. What can be done to improve the ability to prevent attackers from completing their objectives? One option is to proactively look for them. This talk will discuss options for analyzing DNS logs with a goal of identifying anomalies. DNS is a foundational technology that allows the internet to function and is present in practically every network. Malicious actors are using DNS for command and control as well as data exfiltration. Using some basic statistics, it is possible to identify anomalies in DNS traffic. These anomalous events can be evaluated to identify potentially malicious activity. Come see and hear about specific examples in finding DNS anomalies. Attendees will leave with new knowledge and ideas that can be used with their own data.

Jamie Buening is a graduate of Purdue University with sixteen years of work experience in UNIX systems, networking, and information security. He currently works as an Information Security Analyst in the electric power industry. Responsibilities include Threat Intelligence and Incident Response. Jamie is a Certified Information Systems Security Professional (CISSP).

Copyright 2016, IronGeek