YoVDO

DNS in Enterprise IR Collection Analysis and Response

Offered By: YouTube

Tags

Conference Talks Courses Cybersecurity Courses Incident Response Courses DNS Courses DNS Tunneling Courses

Course Description

Overview

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!
Explore DNS in enterprise incident response, collection, analysis, and response in this 47-minute conference talk from Derbycon 2016. Delve into the importance of DNS and learn about various collection tools, including resolver logging, IDSS, and standalone DNS logging. Examine analysis techniques for fast-flux, DNS exfiltration/tunneling, DGA, and low prevalence domains. Discover common false positives and gain insights into Response Policy Zones (RPZ), their benefits, and potential pitfalls. Enhance your understanding of DNS infrastructure and its role in enterprise security.

Syllabus

Intro
Why care about DNS?
First a note about names
Collection Tools - Resolver logging
Collection Tools - IDSS
Collection Tools - Standalone DNS logging
Infrastructure
Analysis - fast-flux
Analysis - DNS Exfiltration/Tunneling
Analysis - DGA
Analysis - Low Prevalence Domains
Analysis - Common False Positives
RPZ Explained
What is RPZ good for?
RPZ Gotchas


Related Courses

Computer Security
Stanford University via Coursera Cryptography II
Stanford University via Coursera Malicious Software and its Underground Economy: Two Sides to Every Story
University of London International Programmes via Coursera Building an Information Risk Management Toolkit
University of Washington via Coursera Introduction to Cybersecurity
National Cybersecurity Institute at Excelsior College via Canvas Network