DNS in Enterprise IR: Collection, Analysis and Response

Offered By: YouTube

Course Description

Overview

Explore DNS in enterprise incident response, collection, analysis, and response in this 47-minute conference talk from DerbyCon 2016. Delve into the importance of DNS and learn about various collection tools, including resolver logging, IDSs, and standalone DNS logging. Examine analysis techniques for fast-flux, DNS exfiltration/tunneling, DGA, and low prevalence domains. Discover common false positives and gain insights into Response Policy Zones (RPZ), their benefits, and potential pitfalls. Enhance your understanding of DNS infrastructure and its role in enterprise security.

Syllabus

Intro
Why care about DNS?
First a note about names
Collection Tools - Resolver logging
Collection Tools - IDSs
Collection Tools - Standalone DNS logging
Infrastructure
Analysis - fast-flux
Analysis - DNS Exfiltration/Tunneling
Analysis - DGA
Analysis - Low Prevalence Domains
Analysis - Common False Positives
RPZ Explained
What is RPZ good for?
RPZ Gotchas

