DNS Miner, A semi-automatic Incident response and threat intelligence tool for small, over worked security teams - Doug Leece AJ Leece Derbycon 2015 (Hacking Illustrated Series InfoSec Tutorial Videos)


In recent years, the increased onset of modern malware has led managers to question how secure their environments are against a variety of attackers. As an administrator's time is typically constrained, it is essential that a toolset provide increased visibility and ease of use while generating information that is valuable to both technical and business stakeholders alike. IP address information alone is not adequate, since modern attacks typically leverage DNS to hide in low-cost hosted environments. DNS Miner seeks to provide visibility into an organization's DNS activity. By combining up-to-date threat intelligence feeds with the ability to compare existing endpoint DNS activity against newly blacklisted entries, DNS Miner can minimize the time needed to investigate potential incidents, allowing administrators to more accurately determine which endpoints have accessed potentially malicious domains without disclosing that information outside the organization. This toolset was designed to be highly customizable by security administrators, which allows for greater control over the functionality and reporting capabilities in order to properly align with business objectives. Effective incident response also requires containment mechanisms for newly identified security incidents that may be unique to the organization, i.e., not on any common public threat intelligence feed.
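The core matching step the abstract describes, comparing locally stored endpoint DNS query logs against blocklist entries that arrived since the last feed pull, can be illustrated with a short script. This is an added example and is not DNS Miner's own code; the resolver log format (a BIND-style query log), the feed shape (domain plus date added) and the IP addresses and domains are all constructed assumptions. The lookup happens entirely on the local log, so no endpoint information leaves the organization.

```python
"""
Added example (not DNS Miner's own code): match stored endpoint DNS query
logs against newly added blocklist entries, entirely locally.
"""
import re
from collections import defaultdict

# Constructed sample resolver log, loosely in BIND9 query-log style.
# The format is an assumption; adjust LOG_RE for your resolver's output.
SAMPLE_DNS_LOG = """\
18-Sep-2015 09:14:02.113 client 10.1.20.15#51234: query: www.example.com IN A +
18-Sep-2015 09:15:44.901 client 10.1.20.37#40022: query: cdn.badhost.example IN A +
18-Sep-2015 09:16:01.004 client 10.1.20.15#51240: query: mail.example.org IN MX +
18-Sep-2015 09:20:13.550 client 10.1.20.37#40031: query: update.badhost.example IN A +
18-Sep-2015 09:21:55.211 client 10.1.21.8#33012: query: notbadhost.example IN A +
18-Sep-2015 09:30:00.000 client 10.1.21.8#33020: query: tracker.evil-example.net IN AAAA +
"""

# Constructed blocklist "feed": domain -> ISO date the entry was added.
SAMPLE_BLOCKLIST = {
    "badhost.example": "2015-09-18",
    "evil-example.net": "2015-09-17",
}

LOG_RE = re.compile(
    r"^(?P<ts>\S+ \S+) client (?P<ip>[\d.]+)#\d+: query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)


def parse_log(text):
    """Yield (timestamp, client_ip, qname, qtype) for each parseable line."""
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            yield m["ts"], m["ip"], m["qname"].rstrip(".").lower(), m["qtype"]


def normalise_blocklist(entries):
    """Lower-case and strip trailing dots so comparisons are exact."""
    return {d.rstrip(".").lower() for d in entries}


def matched_indicator(qname, blocklist):
    """Return the blocklist entry that covers qname, or None.

    A blocklisted domain also covers its subdomains, but only on a label
    boundary, so 'notbadhost.example' does not match 'badhost.example'.
    """
    labels = qname.split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in blocklist:
            return candidate
    return None


def find_exposed_endpoints(log_text, blocklist):
    """Map blocklisted domain -> {client_ip -> [(timestamp, qname), ...]}."""
    blocklist = normalise_blocklist(blocklist)
    hits = defaultdict(lambda: defaultdict(list))
    for ts, ip, qname, _qtype in parse_log(log_text):
        indicator = matched_indicator(qname, blocklist)
        if indicator:
            hits[indicator][ip].append((ts, qname))
    return {ind: dict(clients) for ind, clients in hits.items()}


def new_entries_since(feed, last_seen_date):
    """Feed entries added after the date of the previous feed pull."""
    return {d for d, added in feed.items() if added > last_seen_date}


if __name__ == "__main__":
    # Only look back through the log for entries that are new since the
    # last pull; older entries were already checked on a previous run.
    new = new_entries_since(SAMPLE_BLOCKLIST, "2015-09-17")
    report = find_exposed_endpoints(SAMPLE_DNS_LOG, new)
    for indicator, clients in sorted(report.items()):
        print(f"[{indicator}]")
        for ip, queries in sorted(clients.items()):
            for ts, qname in queries:
                print(f"  {ip}  {ts}  {qname}")
```

The label-boundary check in `matched_indicator` matters in practice: a plain substring test would flag `notbadhost.example` as a hit for `badhost.example` and generate false positives for the analyst, while the per-label walk still catches every subdomain of a blocklisted zone.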

Doug Leece is an information security professional from Calgary, Alberta with over 20 years of experience in telephony, information systems and security, as well as an attendee and promoter of DerbyCon since year 1. A system and network administrator dating back to the times when security was just part of the job instead of a separate department, Mr. Leece began full-time security consulting in 2006. Clientele has ranged from small not-for-profits to Fortune 500 companies in various industries including oil & gas, retail, transportation, public utilities, health, education, government and two gaming clients. Credentials include CISSP, GCFA, GREM, GNFA, GWAPT, CRISC, CISA as well as a collection of vendor-specific certifications achieved over the years from Cisco, Checkpoint, Microsoft, RSA, NeuSecure and Juniper.

AJ Leece: A.J. has been in the IT security realm for about 3 years, and has a fairly extensive infrastructure monitoring and vulnerability assessment background with a mid-sized Canadian MSP. His infosec experience is hard won on the front lines of incident response for both customers and the internal organization. He brings to the project a large variety of interests, including a deep interest in infosec with an ability to relate business to IT security outcomes. Credentials include SSCP, Bachelor of Computer Information Systems with a business minor, ITIL and a preliminary collection of vendor certs to complete the eye chart on his business card.

Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast