Description: DNS is an often-overlooked and under-tooled area of security data collection, analysis and response. We will first review existing tools and deployment choices for collecting DNS data and release the 1.0 version of my own network DNS capture tool, gopassivedns. We will then explore several example analytical approaches to large-scale DNS data, including approaches to finding DNS tunneling and discovering attacker infrastructure. Finally, we take a look at how DNS can play a part in remediation and release a second tool, a RESTful interface to RPZ, goRPZ. Attendees will walk away able to implement or improve DNS collection and analysis in their environments.
Philip leads security at Coinbase, where he is continually amazed at the amount of attacker effort and creativity inspired by half a billion dollars of cryptocurrency. Philip also enjoys spending time with his family and making delicious smoked meats.
For more information, please visit: https://www.derbycon.com/
http://www.irongeek.com/i.php?page=videos/derbycon6/mainlist