Multivariate Solutions to Emerging Passive DNS Challenges

Explore emerging challenges in passive DNS threat intelligence and learn advanced multivariate techniques to overcome them in this 58-minute Black Hat conference talk by Paul Vixie. Delve into complex scenarios where traditional "guilt by association" methods fall short, such as domains sharing name servers with thousands of legitimate sites. Discover how to combine passive DNS data with multiple attributes to effectively identify related malicious domains. Gain insights into topics like reverse proxies, public suffix lists, domain big data, controlled substances, spam detection, and the impact of surveillance capitalism on threat analysis. Master practical strategies to enhance your threat intelligence capabilities and stay ahead of evolving DNS-based threats.

Intro
Examples
The Attacker
The Most Unique Search
Who Is
Reverse Proxy
Example
Public Suffix List
Domain Big Data
Controlled Substances
Spam
Helios
Related Sites
IP Address List
Data Science
Recursive Server
Surveillance Capitalism
Apple Pie
Questions