DNS in Enterprise IR Collection Analysis and Response
Offered By: YouTube
Course Description
Overview
Explore DNS in enterprise incident response, collection, analysis, and response in this 47-minute conference talk from Derbycon 2016. Delve into the importance of DNS and learn about various collection tools, including resolver logging, IDSS, and standalone DNS logging. Examine analysis techniques for fast-flux, DNS exfiltration/tunneling, DGA, and low prevalence domains. Discover common false positives and gain insights into Response Policy Zones (RPZ), their benefits, and potential pitfalls. Enhance your understanding of DNS infrastructure and its role in enterprise security.
Syllabus
Intro
Why care about DNS?
First a note about names
Collection Tools - Resolver logging
Collection Tools - IDSS
Collection Tools - Standalone DNS logging
Infrastructure
Analysis - fast-flux
Analysis - DNS Exfiltration/Tunneling
Analysis - DGA
Analysis - Low Prevalence Domains
Analysis - Common False Positives
RPZ Explained
What is RPZ good for?
RPZ Gotchas
Related Courses
Building Geospatial Apps on Postgres, PostGIS, & Citus at Large ScaleMicrosoft via YouTube Unlocking the Power of ML for Your JavaScript Applications with TensorFlow.js
TensorFlow via YouTube Managing the Reactive World with RxJava - Jake Wharton
ChariotSolutions via YouTube What's New in Grails 2.0
ChariotSolutions via YouTube Performance Analysis of Apache Spark and Presto in Cloud Environments
Databricks via YouTube