APT Attribution and DNS Profiling
Offered By: Black Hat via YouTube
Course Description
Overview
Explore Advanced Persistent Threat (APT) attribution and DNS profiling in this 22-minute Black Hat conference talk. Delve into the organized and prolonged nature of APT attacks, focusing on their discernible attributes and patterns. Examine how APT attackers maintain redundant command and control networks through multiple DNS names. Investigate a study of malware samples from APT attack victims, revealing behavioral patterns in DNS domain registration and the use of stable DNS-IP pairs. Learn about an automated solution for collecting and storing open-source information on malware binaries, simplifying analysis tasks. Discover how to build and update a database of malicious DNS-IP pairs, "parked domains," and "whois information" for future analysis. Gain insights into using visualization tools like Maltego for identifying potential attacker identities or personas.
Syllabus
APT Attribution and DNS Profiling
Taught by
Black Hat
Related Courses
0-Days and Mitigations - Roadways to Exploit and Secure Connected BMW Cars
Black Hat via YouTube
Ways to Die in Mobile OAuth
Black Hat via YouTube
Ways to Bypass Your macOS Privacy Mechanisms
Black Hat via YouTube
Electronegativity - A Study of Electron Security
Black Hat via YouTube
A Titan M Odyssey
Black Hat via YouTube