Threat Hunting via DNS with Eric Conrad - SANS Blue Team Summit 2020

DNS logs are one of the most powerful threat hunting resources, but encryption is rapidly changing that equation.
Key DNS threat hunting techniques include detecting DNS tunneling and Domain Generation Algorithms (DGAs). It used to be simple(r): log DNS requests and responses on DNS forwarders, or sniff and analyze via tools like Zeek.
DNS over TLS (DoT) and DNS over HTTPS (DoH) are disrupting the status quo: where does that leave network defenders? This talk will analyze the current state of DNS monitoring, and provide actionable steps for detecting malice on your network via DNS.
Eric Conrad @eric_conrad Fellow, SANS Institute
Threat Hunting via DNS | SANS@MIC Talk
WORKSHOP: Threat Hunting using Active and Passive DNS | DomainTools | WWHF Deadwood 2022
DIY DNS DFIR: You’re Doing it WRONG: Threat Hunting Summit 2016
Threat Hunting Shorts - C2 over DNS | Chris Brenton
Cybersecurity Threat Hunting Explained
Uncovering and Visualizing Malicious Infrastructure - SANS Threat Hunting Summit 2018
Threat Hunting with Network Flow - SANS Threat Hunting Summit 2017
Threat Hunting via Sysmon - SANS Blue Team Summit
Threat Hunting Using DNSTwist CyberChef DeepBlueCLI Teler
Network Threat Hunting Made Easy (Finding Hackers)
Expanding The Hunt: A Case Study in Pivoting Using Passive DNS and Full PCAP - SANS DFIR Summit 2016
WORKSHOP: Advanced Passive DNS Search Techniques for Cyber Investigations | DomainTools | WWHF '...
My “Aha!” Moment - Methods, Tips, & Lessons Learned in Threat Hunting - SANS THIR Summit 2019...
How to threat hunt in your SIEM with the right network data
2024-04-12 Cyber Threat Hunting Level 1 - Chris Brenton
Eduard Kiiko and Danial Zhuravchak - Threat Hunting: DNS security
Keynote: Threat Hunting: Old Data, New Tricks!
Understanding Sysmon & Threat Hunting with A Cybersecurity Specialist & Incident Detection E...
Threat Hunting Beacon Analysis
DNS Tunneling Explained
Data matters: More effective threat hunting and defense with internet scan data
The Basics of the Threat Hunting Process with Security Weekly and LogRhythm
Advanced Threat Hunting: Checking IPs returned by DNS Queries with 'COVID and Corona'