Threat Hunting Using DNS
Instructor: Dr. Paul Vixie
Length: 2 Hours
Requirements: Laptop, WiFi, dnsdbq Command Line DNSDB tool (see details below for download)
Every transaction on the Internet – good or bad – uses the Domain Name System (DNS). In this fast-paced, hands-on workshop, Farsight Security CEO Dr. Paul Vixie will teach the fundamental investigative techniques and methodology for using DNS to combat cyberattacks, from phishing to e-crime to nation-state attacks. This is a rare opportunity to take a “masterclass” from a top expert in the field and learn the proven techniques used by threat hunting teams, from banks to government agencies.
In this masterclass, you’ll:
LEARN: How to identify and map malicious infrastructures for different types of attacks, from nation-state to fraud, using DNS
DISCOVER: Popular investigative “pivot” techniques using DNS
UNLOCK: Additional information from common IoCs to advance your investigation
TROUBLESHOOT: Possible roadblocks when using DNS in investigations
To participate in the class, attendees should compile and install the dnsdbq Command Line DNSDB tool from GitHub. Every participant will need a laptop, on WiFi, running Windows, macOS, BSD, or Linux. Attendees using Windows must install the Microsoft Linux environment and the Ubuntu Linux that runs on it. The install information is in the Farsight blog post “Using Farsight’s dnsdbq Command Line DNSDB Tool in a Microsoft Windows Environment: The ‘Windows Subsystem for Linux’ Option”.
Dr. Paul Vixie Bio
Dr. Paul Vixie is an Internet pioneer. Currently, he is the Chairman, Chief Executive Officer and Cofounder of award-winning Farsight Security, Inc. He was inducted into the Internet Hall of Fame in 2014 for work related to DNS. Dr. Vixie is a prolific author of open source Internet software including BIND, and of many Internet standards documents concerning DNS and DNSSEC. In addition, he founded the first anti-spam company (MAPS, 1996), the first non-profit Internet infrastructure software company (ISC, 1994), and the first neutral and commercial Internet exchange (PAIX, 1991).
Dr. Vixie served on the ARIN Board of Trustees from 2005 to 2013, as ARIN Chairman in 2008 and 2009, and was a founding member of the ICANN Root Server System Advisory Committee (RSSAC) and the ICANN Security and Stability Advisory Committee (SSAC). He operated the ISC’s F-Root name server for many years, and is a member of Cogent’s C-Root team. Dr. Vixie is a sysadmin for Op-Sec-Trust. He earned his Ph.D. from Keio University for work related to DNS and DNSSEC in 2010. Dr. Vixie delivers keynote presentations at conferences around the world. Most recently, he spoke at RSA USA 2020, NANOG77, AVAR 2019 Cybersecurity Conference, and EuroBSDcon 2019.