A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Subscribestar or Patreon

Search Irongeek.com:

Affiliates:
Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


DNS in Enterprise IR: Collection, Analysis and Response - Philip Martin Derbycon 2016 (Hacking Illustrated Series InfoSec Tutorial Videos)

DNS in Enterprise IR: Collection, Analysis and Response
Philip Martin
Derbycon 2016

DNS is an often-overlooked and under-tooled area of security data collection, analysis and response. We will first review existing tools and deployment choices for collecting DNS data and release the 1.0 version of my own network DNS capture tool, gopassivedns. We will then explore several example analytical approaches to large scale DNS data, including approaches to finding DNS tunneling and discovering attacker infrastructure. Finally, we take a look at how DNS can play a part in remediation and release a second tool, a RESTful interface to RPZ, goRPZ. Attendees will walk away able to implement or improve DNS collection and analysis in their environments.

Philip leads security at Coinbase, where he is continually amazed at the amount of attacker effort and creativity inspired by half a billion dollars of cryptocurrency. Philip also enjoys spending time with his family and making delicious smoked meats.

@SecurityGuyPhil

Back to Derbycon 2016 video list

Printable version of this article

15 most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast