Overview
Syllabus
Introduction
Malware High Level Overview
Very Generic Malware Description
Finding Malware using DNS logs
Malware and DNS
Packet Captures
Back to DNS - Defensive Techniques
DGA (Domain Generation Algorithm)
Malware and DGA
Identifying Malicious Traffic - Objectives
Establish DNS Traffic Baseline
Baseline NXDOMAIN responses - cont'd
Query for Malicious Domains
Analyze DNS Traffic
Identifying Anomalous Domain Names
Tools
dnstop
Passive DNS
Analyze Network Traffic of Suspect Hosts
Notify Community
Can we attribute an attack?
Be like Good Guy Greg
QUESTIONS?