Threat Hunting via DNS with Eric Conrad - SANS Blue Team Summit 2020

Поделиться
HTML-код
  • Опубликовано: 7 июл 2020
  • DNS logs are one of the most powerful threat hunting resources, but encryption is rapidly changing that equation.
    Key DNS threat hunting techniques include detecting DNS tunneling and Domain Generation Algorithms (DGAs). It used to be simple(r): log DNS requests and responses on DNS forwarders, or sniff and analyze via tools like Zeek.
    DNS over TLS (DoT) and DNS over HTTPS (DoH) are disrupting the status quo: where does that leave network defenders? This talk will analyze the current state of DNS monitoring, and provide actionable steps for detecting malice on your network via DNS.
    Eric Conrad @eric_conrad Fellow, SANS Institute
  • НаукаНаука

Комментарии • 9

  • @NeonNotch
    @NeonNotch 2 года назад +13

    This man is part of the 1% of individuals. Highly intelligent, charismatic, easy to understand. Great talk, thank you!

  • @Francois-B-Arthanas
    @Francois-B-Arthanas 3 года назад +6

    Eric - You are amazing 🤩. Thank you 🙏 for everything you do for the Cyber community.

  • @vonniehudson
    @vonniehudson 2 года назад +5

    NULL records… taking that one home. Never knew about that

    • @sidss007
      @sidss007 2 года назад

      Your course on Building your own cyber lab is awesome.

    • @vonniehudson
      @vonniehudson 2 года назад +1

      @@sidss007 which one?

    • @dustyrose8010
      @dustyrose8010 Год назад

      @@vonniehudson hi I'm dusty

  • @sammo7877
    @sammo7877 2 года назад +3

    I'm not going to get into the encrypted DNS debate - gets into the debate :D great talk btw!

  • @mohammadaassif
    @mohammadaassif Год назад

    Sir Eric - You are amazing in your teaching method i am fun.

  • @mar002007
    @mar002007 2 года назад

    Is this the Nelson Sullivan’s Eric?

Следующие
Автовоспроизведение
Faster, Better, AND Cheaper: Improving security operations using open source tools59:14Faster, Better, AND Cheaper: Improving security operations using open source tools
Faster, Better, AND Cheaper: Improving security operations using open source toolsSANS Cyber Defense
Просмотров 13 тыс.
Relentless Defense - Rules for Security Operations That Keep Attackers Off Your Network31:01Relentless Defense - Rules for Security Operations That Keep Attackers Off Your Network
Relentless Defense - Rules for Security Operations That Keep Attackers Off Your NetworkSANS Cyber Defense
Просмотров 833
Threat Hunting via Sysmon - SANS Blue Team Summit51:01Threat Hunting via Sysmon - SANS Blue Team Summit
Threat Hunting via Sysmon - SANS Blue Team SummitSANS Institute
Просмотров 59 тыс.
I Built 100 Houses And Gave Them Away!09:36I Built 100 Houses And Gave Them Away!
I Built 100 Houses And Gave Them Away!MrBeast
Просмотров 72 млн
Primitive Technology: Polynesian Arrowroot Hashbrown09:37Primitive Technology: Polynesian Arrowroot Hashbrown
Primitive Technology: Polynesian Arrowroot HashbrownPrimitive Technology
Просмотров 372 тыс.
How I Robbed The 2024 Steam Summer Sale - Steam Is Perfectly Balanced With NO EXPLOITS...10:37How I Robbed The 2024 Steam Summer Sale - Steam Is Perfectly Balanced With NO EXPLOITS...
How I Robbed The 2024 Steam Summer Sale - Steam Is Perfectly Balanced With NO EXPLOITS...The Spiffing Brit
Просмотров 1,1 млн
Our First KISS At DISNEYLAND!18:01Our First KISS At DISNEYLAND!
Our First KISS At DISNEYLAND!Willito
Просмотров 430 тыс.
Threat Hunting via DNS | SANS@MIC Talk56:04Threat Hunting via DNS | SANS@MIC Talk
Threat Hunting via DNS | SANS@MIC TalkSANS Institute
Просмотров 8 тыс.
0x6 - A deep dive into DNS1:50:440x6 - A deep dive into DNS
0x6 - A deep dive into DNSShuffle Sharding
Просмотров 7 тыс.
My “Aha!” Moment - Methods, Tips, & Lessons Learned in Threat Hunting - SANS THIR Summit 201933:41My “Aha!” Moment - Methods, Tips, & Lessons Learned in Threat Hunting - SANS THIR Summit 2019
My “Aha!” Moment - Methods, Tips, & Lessons Learned in Threat Hunting - SANS THIR Summit 2019SANS Digital Forensics and Incident Response
Просмотров 14 тыс.
CSS2018LAS8: Incident Handling Process - SANS49:54CSS2018LAS8: Incident Handling Process - SANS
CSS2018LAS8: Incident Handling Process - SANSPublic Sector Partners, Inc
Просмотров 55 тыс.
SANS Webcast: Effective (Threat) Hunting Techniques54:01SANS Webcast: Effective (Threat) Hunting Techniques
SANS Webcast: Effective (Threat) Hunting TechniquesSANS EMEA
Просмотров 28 тыс.
Keynote: Cobalt Strike Threat Hunting | Chad Tilbury45:45Keynote: Cobalt Strike Threat Hunting | Chad Tilbury
Keynote: Cobalt Strike Threat Hunting | Chad TilburySANS Digital Forensics and Incident Response
Просмотров 30 тыс.
E10 Threat Hunting : All You Need to Know!49:55E10 Threat Hunting : All You Need to Know!
E10 Threat Hunting : All You Need to Know!Cyber from the Frontlines
Просмотров 176
Threat Hunting via DeepBlueCLI v359:16Threat Hunting via DeepBlueCLI v3
Threat Hunting via DeepBlueCLI v3SANS Cyber Defense
Просмотров 3,1 тыс.
Investigating WMI Attacks1:00:43Investigating WMI Attacks
Investigating WMI AttacksSANS Digital Forensics and Incident Response
Просмотров 26 тыс.
🤬Apple ХОЧЕТ чтобы iPhone ЛОМАЛИСЬ ЧАЩЕ🤑00:36🤬Apple ХОЧЕТ чтобы iPhone ЛОМАЛИСЬ ЧАЩЕ🤑
🤬Apple ХОЧЕТ чтобы iPhone ЛОМАЛИСЬ ЧАЩЕ🤑Pedant.ru
Просмотров 22 тыс.
IPHONE XR, 11, 12? ВЫБИРАЕМ БЮДЖЕТНЫЙ АЙФОН НА 2024 ГОД!16:44IPHONE XR, 11, 12? ВЫБИРАЕМ БЮДЖЕТНЫЙ АЙФОН НА 2024 ГОД!
IPHONE XR, 11, 12? ВЫБИРАЕМ БЮДЖЕТНЫЙ АЙФОН НА 2024 ГОД!DimaViper Live
Просмотров 42 тыс.
НЕДЕЛЯ с Realme GT6 - что они вообще себе ПОЗВОЛЯЮТ? | ЧЕСТНЫЙ ОТЗЫВ24:16НЕДЕЛЯ с Realme GT6 — что они вообще себе ПОЗВОЛЯЮТ? | ЧЕСТНЫЙ ОТЗЫВ
НЕДЕЛЯ с Realme GT6 - что они вообще себе ПОЗВОЛЯЮТ? | ЧЕСТНЫЙ ОТЗЫВПавел Хмурчик
Просмотров 46 тыс.
Бомбическая механическая клавиатура 🤯00:41Бомбическая механическая клавиатура 🤯
Бомбическая механическая клавиатура 🤯HappyPC Питер
Просмотров 14 тыс.
АСМР Компьютерный Магазин: Какую Клавиатуру Выберешь? (Royal Kludge RK N80, RK H81)32:17АСМР Компьютерный Магазин: Какую Клавиатуру Выберешь? (Royal Kludge RK N80, RK H81)
АСМР Компьютерный Магазин: Какую Клавиатуру Выберешь? (Royal Kludge RK N80, RK H81)ASMR Detected
Просмотров 29 тыс.
OZON РАЗБИЛИ 3 КОМПЬЮТЕРА00:57OZON РАЗБИЛИ 3 КОМПЬЮТЕРА
OZON РАЗБИЛИ 3 КОМПЬЮТЕРАКинг Комп Shorts
Просмотров 34 тыс.
Best mobile of all time💥🗿 [Troll Face]00:24Best mobile of all time💥🗿 [Troll Face]
Best mobile of all time💥🗿 [Troll Face]Special SHNTY 2.0
Просмотров 2,3 млн
WINDOWS запустили НА ВЕЙПЕ! 👀 #технологии #одноразки #вейп00:24WINDOWS запустили НА ВЕЙПЕ! 👀 #технологии #одноразки #вейп
WINDOWS запустили НА ВЕЙПЕ! 👀 #технологии #одноразки #вейпAlisher Beisebai
Просмотров 319 тыс.