Threat Hunting via DNS with Eric Conrad - SANS Blue Team Summit 2020
Вставка
- Опубліковано 17 лис 2024
- DNS logs are one of the most powerful threat hunting resources, but encryption is rapidly changing that equation.
Key DNS threat hunting techniques include detecting DNS tunneling and Domain Generation Algorithms (DGAs). It used to be simple(r): log DNS requests and responses on DNS forwarders, or sniff and analyze via tools like Zeek.
DNS over TLS (DoT) and DNS over HTTPS (DoH) are disrupting the status quo: where does that leave network defenders? This talk will analyze the current state of DNS monitoring, and provide actionable steps for detecting malice on your network via DNS.
Eric Conrad @eric_conrad Fellow, SANS Institute
This man is part of the 1% of individuals. Highly intelligent, charismatic, easy to understand. Great talk, thank you!
look, i don't usually fanboy over security instructors... but when i do it's eric conrad.
Eric - You are amazing 🤩. Thank you 🙏 for everything you do for the Cyber community.
NULL records… taking that one home. Never knew about that
Your course on Building your own cyber lab is awesome.
@@sidss007 which one?
@@vonniehudson hi I'm dusty
Sir Eric - You are amazing in your teaching method i am fun.
I'm not going to get into the encrypted DNS debate - gets into the debate :D great talk btw!
Is this the Nelson Sullivan’s Eric?