Mapping adversary infrastructure using DNS
Nothing good or bad can happen on the Internet without involving the Domain Name System (DNS), which provides visibility of the global Internet and unparalleled intelligence on cybercriminals and attack methods. Merike Käo discusses the value of DNS to cyber investigations and explores how real-time DNS observations can improve accuracy and response time to cyberattacks.
Talk Title | Mapping adversary infrastructure using DNS |
Speakers | |
Conference | O’Reilly Security Conference |
Conf Tag | Build better defenses |
Location | Amsterdam, Netherlands |
Date | November 9-11, 2016 |
Nothing good or bad can happen on the Internet without involving the Domain Name System (DNS). DNS offers a commanding view of both the local and global Internet and can provide unparalleled intelligence on cybercriminals and their attack methods. During investigations, incident response professionals are increasingly using DNS to build out indicators of compromise (IOCs) and other threat indicators to map the attackers’ entries and lateral movements throughout their networks. Merike Käo shares the latest insights on the value of DNS to today’s cyber investigations as well as real-world examples of how incident responders, SOC analysts, and more are using real-time global DNS observations to significantly improve response time and accuracy to today’s cyberattacks. Topics include: