1. Intro
2. Why care about DNS?
3. First a note about names
4. Collection Tools - Resolver logging
5. Collection Tools - IDSS
6. Collection Tools - Standalone DNS logging
7. Infrastructure
8. Analysis - fast-flux
9. Analysis - DNS Exfiltration/Tunneling
10. Analysis - DGA
11. Analysis - Low Prevalence Domains
12. Analysis - Common False Positives
13. RPZ Explained
14. What is RPZ good for?
15. RPZ Gotchas
Description:
Explore the role of DNS in enterprise incident response (collection, analysis, and response) in this 47-minute conference talk from Derbycon 2016. Delve into the importance of DNS and learn about various collection tools, including resolver logging, IDSS, and standalone DNS logging. Examine analysis techniques for fast-flux, DNS exfiltration/tunneling, DGA, and low prevalence domains. Discover common false positives and gain insights into Response Policy Zones (RPZ), their benefits, and potential pitfalls. Enhance your understanding of DNS infrastructure and its role in enterprise security.

DNS in Enterprise IR Collection Analysis and Response
