Threat Hunting via DNS with Eric Conrad - SANS Blue Team Summit 2020

Автор: SANS Cyber Defense

Загружено: 2020-07-08

Просмотров: 25129

Описание: DNS logs are one of the most powerful threat hunting resources, but encryption is rapidly changing that equation.
Key DNS threat hunting techniques include detecting DNS tunneling and Domain Generation Algorithms (DGAs). It used to be simple(r): log DNS requests and responses on DNS forwarders, or sniff and analyze via tools like Zeek.

DNS over TLS (DoT) and DNS over HTTPS (DoH) are disrupting the status quo: where does that leave network defenders? This talk will analyze the current state of DNS monitoring, and provide actionable steps for detecting malice on your network via DNS.

Eric Conrad @eric_conrad Fellow, SANS Institute

Не удается загрузить Youtube-плеер. Проверьте блокировку Youtube в вашей сети.
Повторяем попытку...

Threat Hunting via DNS with Eric Conrad - SANS Blue Team Summit 2020

Доступные форматы для скачивания:

Скачать видео

Информация по загрузке:

Скачать аудио

Похожие видео

Faster, Better, AND Cheaper: Improving security operations using open source tools

Faster, Better, AND Cheaper: Improving security operations using open source tools

Detecting Command and Control Frameworks via Sysmon and Windows Event Logging

Detecting Command and Control Frameworks via Sysmon and Windows Event Logging

Hunting for Suspicious HTTPS and TLS Connections

Hunting for Suspicious HTTPS and TLS Connections

What is DNS? (and how it makes the Internet work)

What is DNS? (and how it makes the Internet work)

Build it Once, Build it Right: Architecting for Detection - SANS Tactical Detection Summit 2018

Build it Once, Build it Right: Architecting for Detection - SANS Tactical Detection Summit 2018

Поиск угроз через Sysmon — саммит SANS Blue Team

Поиск угроз через Sysmon — саммит SANS Blue Team

Detect, Deny, and Disrupt with MITRE D3FEND

Detect, Deny, and Disrupt with MITRE D3FEND

Архитектура интернета и веба | Теоретический курс 2026

Архитектура интернета и веба | Теоретический курс 2026

Modern Phishing Tactics and How to Spot Them

Modern Phishing Tactics and How to Spot Them

Threat Hunting in Security Operation - SANS Threat Hunting Summit 2017

Threat Hunting in Security Operation - SANS Threat Hunting Summit 2017

Real Threat Hunting with AI and ML

Real Threat Hunting with AI and ML

Почему я бросил IT. Проблемы IT, о которых молчат на митапах – Фил Ранжин

Почему я бросил IT. Проблемы IT, о которых молчат на митапах – Фил Ранжин

Putting MITRE ATT&CK™ into Action with What You Have, Where You Are presented by Katie Nickels

Putting MITRE ATT&CK™ into Action with What You Have, Where You Are presented by Katie Nickels

My “Aha!” Moment - Methods, Tips, & Lessons Learned in Threat Hunting - SANS THIR Summit 2019

My “Aha!” Moment - Methods, Tips, & Lessons Learned in Threat Hunting - SANS THIR Summit 2019

Threat Hunting via DeepBlueCLI v3

Threat Hunting via DeepBlueCLI v3

Keynote: Cobalt Strike Threat Hunting | Chad Tilbury

Keynote: Cobalt Strike Threat Hunting | Chad Tilbury

How AI makes hackers smarter, and what the cybersecurity industry is doing to fight back

How AI makes hackers smarter, and what the cybersecurity industry is doing to fight back

Контроль сайтов и пользователей на Mikrotik: кто куда ходит

Контроль сайтов и пользователей на Mikrotik: кто куда ходит

Machine Learning with Zeek and Tensorflow (Part 2): Processing the Data

Machine Learning with Zeek and Tensorflow (Part 2): Processing the Data

КАК УСТРОЕН TCP/IP?

КАК УСТРОЕН TCP/IP?