YoVDO

APT Attribution and DNS Profiling

Offered By: Black Hat via YouTube

Tags

Black Hat Courses Cybersecurity Courses DNS Courses Data Collection Courses Behavioral Patterns Courses Advanced Persistent Threats Courses

Course Description

Overview

Explore Advanced Persistent Threat (APT) attribution and DNS profiling in this 22-minute Black Hat conference talk. Delve into the organized and prolonged nature of APT attacks, focusing on their discernible attributes and patterns. Examine how APT attackers maintain redundant command and control networks through multiple DNS names. Investigate a study of malware samples from APT attack victims, revealing behavioral patterns in DNS domain registration and the use of stable DNS-IP pairs. Learn about an automated solution for collecting and storing open-source information on malware binaries, simplifying analysis tasks. Discover how to build and update a database of malicious DNS-IP pairs, "parked domains," and "whois information" for future analysis. Gain insights into using visualization tools like Maltego for identifying potential attacker identities or personas.

Syllabus

APT Attribution and DNS Profiling


Taught by

Black Hat

Related Courses

Computer Security
Stanford University via Coursera Cryptography II
Stanford University via Coursera Malicious Software and its Underground Economy: Two Sides to Every Story
University of London International Programmes via Coursera Building an Information Risk Management Toolkit
University of Washington via Coursera Introduction to Cybersecurity
National Cybersecurity Institute at Excelsior College via Canvas Network