Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Another Log to Analyze - Utilizing DNS to Identify Malware

via YouTube

Overview

Explore techniques for identifying malware using DNS logs in this comprehensive conference talk. Delve into the relationship between malware and DNS, examining packet captures and defensive techniques. Learn about Domain Generation Algorithms (DGA) and their role in malware operations. Develop skills to establish DNS traffic baselines, analyze NXDOMAIN responses, and query for malicious domains. Discover methods for identifying anomalous domain names and utilizing tools like dnstop and Passive DNS. Gain insights into analyzing network traffic of suspect hosts, notifying the community, and considering attack attribution. Enhance your cybersecurity knowledge with practical approaches to detect and mitigate malware threats through DNS analysis.

Syllabus

Introduction
Malware High Level Overview
Very Generic Malware Description
Finding Malware using DNS logs
Malware and DNS
Packet Captures
Back to DNS - Defensive Techniques
DGA (Domain Generation Algorithm)
Malware and DGA
Identifying Malicious Traffic - Objectives
Establish DNS Traffic Baseline
Baseline NXDOMAIN responses - cont'd
Query for Malicious Domains
Analyze DNS Traffic
Identifying Anomalous Domain Names
Tools
dnstop
Passive DNS
Analyze Network Traffic of Suspect Hosts
Notify Community
Can we attribute an attack?
Be like Good Guy Greg
QUESTIONS?

Reviews

Start your review of Another Log to Analyze - Utilizing DNS to Identify Malware

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.