Threat Hunting Using DNS

Instructor: Dr. Paul Vixie

Length: 2 Hours

Equipment Required:

Laptop, WiFi, dnsdbq Command Line DNSDB (see details below for download)

Every transaction on the Internet – good or bad – uses the Domain Name System (DNS). In this fast-paced, hands-on workshop, Farsight Security CEO Dr. Paul Vixie will teach the fundamental investigative techniques and methodology on how to use DNS to combat cyberattacks, from phishing to e-crime to nation-state attacks. This is a rare opportunity to take a “masterclass” from a top expert in the field and learn the proven techniques used by threat hunting teams, from banks to government agencies.

In this masterclass, you’ll:

LEARN: How to identify and map malicious infrastructures for different types of attacks, from nation-state to fraud, using DNS

DISCOVER: Popular investigative “pivot” techniques using DNS

UNLOCK: Additional information from common IoCs to advance your investigation

TROUBLESHOOT: Possible roadblocks when using DNS in investigations

To participate in the class, attendees should compile and install the dnsdbq Command Line DNSDB tool from GitHub. Every participant will need a laptop, on WiFi, running Windows, macOS, BSD, or Linux. Participants using Windows must install the Microsoft Linux environment and the Ubuntu Linux that runs on it. That install information is in this Farsight blog post, “Using Farsight’s dnsdbq Command Line DNSDB Tool in a Microsoft Windows Environment: The ‘Windows Subsystem for Linux’ Option”:

https://www.farsightsecurity.com/txt-record/2018/03/15/stsauver-WSL/

Dr. Paul Vixie Bio

Dr. Paul Vixie is an Internet pioneer. Currently, he is the Chairman, Chief Executive Officer and Cofounder of award-winning Farsight Security, Inc. He was inducted into the Internet Hall of Fame in 2014 for work related to DNS. Dr. Vixie is a prolific author of open source Internet software including BIND, and of many Internet standards documents concerning DNS and DNSSEC. In addition, he founded the first anti-spam company (MAPS, 1996), the first non-profit Internet infrastructure software company (ISC, 1994), and the first neutral and commercial Internet exchange (PAIX, 1991).

Dr. Vixie served on the ARIN Board of Trustees from 2005 to 2013, as ARIN Chairman in 2008 and 2009, and was a founding member of the ICANN Root Server System Advisory Committee (RSSAC) and the ICANN Security and Stability Advisory Committee (SSAC). He operated the ISC’s F-Root name server for many years, and is a member of Cogent’s C-Root team. Dr. Vixie is a sysadmin for Op-Sec-Trust. He earned his Ph.D. from Keio University for work related to DNS and DNSSEC in 2010. Dr. Vixie delivers keynote presentations at conferences around the world. Most recently, he spoke at RSA USA 2020, NANOG77, AVAR 2019 Cybersecurity Conference, and EuroBSDcon 2019.