AtlSecCon 2020 has ended
Tuesday, April 28 • TBA
Threat Hunting via DNS

DNS logs are one of the most powerful threat hunting resources, but encryption is rapidly changing that equation.

Key DNS threat hunting techniques include detecting DNS tunneling and Domain Generation Algorithms (DGAs). It used to be simple(r): log DNS requests and responses on DNS forwarders, or sniff and analyze via tools like Zeek.

DNS over TLS (DoT) and DNS over HTTPS (DoH) are disrupting the status quo: where does that leave network defenders? This talk will analyze the current state of DNS monitoring, and provide actionable steps for detecting malice on your network via DNS.

Eric Conrad

CTO, Backshore Communications
SANS Faculty Fellow Eric Conrad is the lead author of SANS MGT414: SANS Training Program for CISSP® Certification, and coauthor of both SANS SEC511: Continuous Monitoring and Security Operations and SANS SEC542: Web App Penetration Testing and Ethical Hacking. He is also the lead...