Explore DNS in enterprise incident response, collection, analysis, and response in this 47-minute conference talk from Derbycon 2016. Delve into the importance of DNS and learn about various collection tools, including resolver logging, IDSS, and standalone DNS logging. Examine analysis techniques for fast-flux, DNS exfiltration/tunneling, DGA, and low prevalence domains. Discover common false positives and gain insights into Response Policy Zones (RPZ), their benefits, and potential pitfalls. Enhance your understanding of DNS infrastructure and its role in enterprise security.
DNS in Enterprise IR Collection Analysis and Response