Description: DNS logs are an often overlooked asset in identifying malware in your network. The purpose of this talk to identify malware in the network through establishing DNS query and response baselines, analysis of NXDOMAIN responses, analysis of successful DNS lookups, and identifying domain name anomalies. This talk will give you the basics of what to look for in you own unique environments.

Bio: “Nathan Magniez is a Senior Computer Network Operations (CNO) Instructor and Course Developer at TeleCommunication Systems’ Art of Exploitation Training Center in Hanover, MD. Nathan started his career in the United States Marines Corps. Originally trained as a Russian Cryptologic Linguist, he realized that his greatest potential and aptitude fell within Digital Network Exploitation (DNE). During his time in the Marine Corps, he served on tactical teams, at 2nd Radio Battalion in Camp Lejeune, that focused on the collection and exploitation of wired and wireless networks. Nathan also served as an Computer Network Operator for the Department of Defense. Prior to joining the TCS Cyber Intelligence Group, he worked at Qualys, Inc. on their team of Vulnerability Research and Detection engineers. Nathan worked as an Incident Responder and Special Investigator on the National Incident Response Team (NIRT) at the Federal Reserve Bank of New York and San Francisco in support of the United States Treasury. In addition to this role, Nathan also focused on Vulnerability Assessments and Penetration Testing. Nathan is also actively involved with Hackers For Charity. The program Hack Hunger directly funds and supplements HFC’s Food For Work program. TeleCommunication Systems’ Art of Exploitation is also the sponsor of the HFC Computer Training Center located in Jinja, Uganda. For more information on how to help HFC, please see: www.hackhunger.com www.hackersforcharity.org”

Back to Derbycon 2013 video list