Intro to Threat Hunting with Farsight DNSDB
Learn to Use DNSDB Scout for Quick Discoveries
We all use the Domain Name System (DNS) virtually every day. If you are reading this on a screen, multiple DNS queries have already happened in order to load this content.
In this presentation, DomainTools Chief Information Security Officer (and erstwhile full-time threat hunter) Daniel Schwalbe will cover basic investigative techniques and methodologies for threat hunting with Farsight DNSDB.
Using DNSDB Scout, we’ll show how to easily and quickly uncover previously unknown connections between seemingly unrelated assets. Starting from IP addresses and domain names, we’ll map online infrastructure and share tricks for finding the proverbial needles in the Internet haystack!
The discussion will cover “Standard Search” and “Flexible Search” queries against the DNSDB API, including an introduction to using regular expressions for finding patterns in fully qualified domain names and DNS resource records. We will also discuss techniques for searching content in “lesser-known” Resource Record Types such as SOA and TXT.