DIY DNS DFIR: You’re Doing it WRONG: Threat Hunting Summit 2016
DNS is one of those protocols that we, as DFIR practitioners, take for granted. Operationally, if DNS resolution is working properly, we’re happy. Many organizations, however, fail to utilize DNS logs and associated intelligence within their response and investigative activities. This is in part due to the perceived lack of value associated with DNS logs and its associated features, such as name server, WHOIS, and hosting information, and more often due to the unavailability of the logs. This talk will present several tools (both commercial and open source) to help manage the deluge of information on even the smallest of budgets. We will also discuss how to enrich your data with valuable intelligence from freely available sources. Finally, this talk will highlight some real-world investigative techniques where DNS and its associated features were
used to add clarity to DFIR investigations.
Andrew Hay, CISO, DataGravity, Inc.
Andrew Hay
DataGravity, Inc. @andrewsmhay
Andrew Hay is the CISO at DataGravity where he is responsible for the development and delivery of the company’s comprehensive information security strategy. Prior to that, Andrew was the Director of Research at OpenDNS (acquired by Cisco) and was the Director of Applied Security Research and Chief Evangelist at CloudPassage.
ATTEND THE 2017 THREAT HUNTING SUMMIT: http://dfir.to/ThreatHunting2017
SANS THREAT HUNTING AND INCIDENT RESPONSE COURSES
FOR508: Digital Forensics, Incident Response, & Threat Hunting: http://sans.org/FOR508
FOR572: Network Forensics: http://sans.org/FOR572
FOR578: Cyber Threat Intelligence: http://sans.org/FOR578
Видео DIY DNS DFIR: You’re Doing it WRONG: Threat Hunting Summit 2016 канала SANS Digital Forensics and Incident Response
used to add clarity to DFIR investigations.
Andrew Hay, CISO, DataGravity, Inc.
Andrew Hay
DataGravity, Inc. @andrewsmhay
Andrew Hay is the CISO at DataGravity where he is responsible for the development and delivery of the company’s comprehensive information security strategy. Prior to that, Andrew was the Director of Research at OpenDNS (acquired by Cisco) and was the Director of Applied Security Research and Chief Evangelist at CloudPassage.
ATTEND THE 2017 THREAT HUNTING SUMMIT: http://dfir.to/ThreatHunting2017
SANS THREAT HUNTING AND INCIDENT RESPONSE COURSES
FOR508: Digital Forensics, Incident Response, & Threat Hunting: http://sans.org/FOR508
FOR572: Network Forensics: http://sans.org/FOR572
FOR578: Cyber Threat Intelligence: http://sans.org/FOR578
Видео DIY DNS DFIR: You’re Doing it WRONG: Threat Hunting Summit 2016 канала SANS Digital Forensics and Incident Response
Показать
Комментарии отсутствуют
Информация о видео
13 августа 2016 г. 10:12:19
00:29:33
Другие видео канала
Real-Time Threat Hunting - SANS Threat Hunting & Incident Response Summit 2017DNS Security 101FOR508 - Advanced Incident Response and Threat Hunting Course Updates: Hunting GuideFind_Evil - Threat Hunting | SANS@MIC TalkEpisode 164: Collecting Machine Info on Mac - Part 1Threat Hunting with Network Flow - SANS Threat Hunting Summit 2017DNSplice: A New Tool to Deal with Those Super Ugly Microsoft DNS Logs - SANS DFIR Summit 2018How to Get Promoted: Developing Metrics to Show How Threat Intel Works - SANS CTI Summit 2019Tales from the Network Threat Hunting Trenches & AI Hunter DemoShould You Make Your Own VPN?Hunting for Post-Exploitation Stage Attacks with Elastic Stack and the MITRE ATT&CK FrameworkCyber Threat Hunting: Identify and Hunt Down IntrudersUKNOF34 - Starting a wireless ISP by accident!When a WLAN Pro starts a WISP | Steve McKim | WLPC Phoenix 2018First Steps - Blender 2.80 FundamentalsAnalyzing Chinese Information Operations with Threat Intelligence | SANS CTI Summit 2021The Joy of Threat Landscaping | SANS CTI Summit 2021Open Source Tooling for Threat Analysis and Attack Surface ManagementThreat Intel for Everyone: Writing Like A Journalist To Produce Clear, Concise Reports | CTI SummitDownloading Games at 10 GIGABIT?