Explore defensive techniques for detecting malware in networks using DNS analysis in this BSidesDE 2013 conference talk. Delve into the basics of malware and DNS, examine packet captures, and learn about baseline NXDOMAIN responses. Discover tools like dnstop and PassiveDNS, and investigate methods for querying malicious domains. Gain insights into potential attack attribution and engage in a Q&A session to deepen your understanding of utilizing DNS for enhanced network security.
Overview
Syllabus
Intro
Very Generic Malware Description
Malware and DNS - Basics
Packet Captures
Back to DNS - Defensive Techniques
HEY CELERY IS 90% WATER
Baseline NXDOMAIN responses - cont'd
Query for Malicious Domains
dnstop
PassiveDNS
Can we attribute an attack?
QUESTIONS?