DNS Threat Hunting: Exploiting Your Adversaries' Dependence on Domain Names
Normally we think about bad guys exploiting our organization's weaknesses, but in this real training for free session we will turn the tables and explore how to exploit the fact that most adversaries rely on DNS to:
- Send email
- Deliver malicious payloads
- Connect to C&C (Command & Control)
- Exfiltrate data
For all of the above reasons and more, attackers need a locatable endpoint on the Internet. Attackers don't like to use hard-coded IP addresses because 1) bad guys frequently have to move to different systems, and 2) IP addresses stick out compared to domain names.
So, let's use that against them. There is a lot of information about domain names, the infrastructure associated with them, and the DNS records comprising the domain's zone file. If you can obtain this information and know how to analyze it, there are some pretty good indicators to help you zero in on malicious domains.
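To make the idea of a repeatable DNS hunting workflow concrete, here is an added example (not code from the webinar or its presenters) that joins resolver query logs against a domain metadata table and flags registered domains that hit an indicator. Both the log lines and the metadata table are constructed for the example, and the two indicators used, registration age and a burst of high-entropy subdomains under one registered domain, are assumptions chosen for illustration rather than indicators the webinar itself names. The `registered_domain` helper is deliberately naive (last two labels); a production workflow would use the public suffix list.

```python
"""Score DNS query logs against a few domain-level indicators.

Added example for this page, not material from the webinar or its presenters.
The log lines and the domain metadata table are constructed, and the two
indicators (registration age, subdomain churn) are assumptions for illustration.
"""
from __future__ import annotations

import math
import re
from collections import Counter, defaultdict
from datetime import date

# Constructed resolver log lines: "<date> <client> <qname> <qtype>"
SAMPLE_LOG = """\
2024-03-10 10.0.0.12 www.example.com A
2024-03-10 10.0.0.12 mail.example.com MX
2024-03-10 10.0.0.31 cdn.example.net A
2024-03-10 10.0.0.31 login.newly-set-up-shop.biz A
2024-03-10 10.0.0.44 3f9a1c5e7b2d4068.payload-host.xyz A
2024-03-10 10.0.0.44 b71e02c9d4f5a368.payload-host.xyz A
2024-03-10 10.0.0.44 c0ffee1234567890.payload-host.xyz A
2024-03-10 10.0.0.44 d34db33f00000000.payload-host.xyz A
2024-03-10 10.0.0.44 9a8b7c6d5e4f3021.payload-host.xyz A
2024-03-10 10.0.0.44 0badf00d0badf00d.payload-host.xyz A
"""

# Constructed domain metadata, standing in for a registration/zone data feed.
# Key: registered domain, value: registration date.
DOMAIN_METADATA = {
    "example.com": date(1995, 8, 14),
    "example.net": date(1995, 8, 14),
    "newly-set-up-shop.biz": date(2024, 3, 8),
    "payload-host.xyz": date(2024, 3, 9),
}

NEW_DOMAIN_DAYS = 30       # assumed threshold: "young" registration
CHURN_MIN_SUBDOMAINS = 5   # assumed threshold: distinct left-most labels
CHURN_MIN_ENTROPY = 3.0    # assumed threshold: mean bits/char of those labels

LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+)$")


def registered_domain(qname: str) -> str:
    """Naive registered-domain extraction: keep the last two labels."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; machine-generated labels score high."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def parse_log(text: str) -> list[tuple[str, str, str, str]]:
    """Parse the constructed log format into (ts, client, qname, qtype) tuples."""
    return [m.groups() for line in text.splitlines()
            if (m := LOG_RE.match(line.strip()))]


def hunt(log_text: str, metadata: dict[str, date], today: date) -> dict[str, list[str]]:
    """Return {registered_domain: [reasons]} for every domain hitting an indicator."""
    by_domain: dict[str, set[str]] = defaultdict(set)
    for _ts, _client, qname, _qtype in parse_log(log_text):
        by_domain[registered_domain(qname)].add(qname.lower())

    findings: dict[str, list[str]] = {}
    for dom, qnames in by_domain.items():
        reasons = []
        reg = metadata.get(dom)
        if reg is None:
            reasons.append("no registration data")
        elif (today - reg).days <= NEW_DOMAIN_DAYS:
            reasons.append(f"registered {(today - reg).days} days ago")
        # Subdomain churn: many distinct, random-looking left-most labels.
        left_labels = {q.split(".")[0] for q in qnames if q != dom}
        if len(left_labels) >= CHURN_MIN_SUBDOMAINS:
            mean_ent = sum(shannon_entropy(l) for l in left_labels) / len(left_labels)
            if mean_ent >= CHURN_MIN_ENTROPY:
                reasons.append(f"{len(left_labels)} high-entropy subdomains")
        if reasons:
            findings[dom] = reasons
    return findings


def run_sample() -> dict[str, list[str]]:
    """Run the hunt over the constructed sample as of the log date."""
    return hunt(SAMPLE_LOG, DOMAIN_METADATA, date(2024, 3, 10))


if __name__ == "__main__":
    for dom, reasons in run_sample().items():
        print(dom, "->", "; ".join(reasons))
```

Two of the four registered domains in the sample are flagged: the shop domain only for its registration age, the payload host for both age and churn. The thresholds are the part you would tune against your own baseline; the join against a metadata feed is the part that makes the workflow repeatable.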
In this webinar, we will explore those indicators and examine three different threat hunting scenarios where you can use domain name threat indicators to make faster decisions and build repeatable workflows that save time and protect your users. Finally, Taylor Wilkes-Pierce will briefly show how they analyze the massive quantity of information they collect about domain names on the Internet to help you find attackers through DNS.