Threat Hunting via DNS with Eric Conrad - SANS Blue Team Summit 2020
Рет қаралды 22,945
Күн бұрынDNS logs are one of the most powerful threat hunting resources, but encryption is rapidly changing that equation.
Key DNS threat hunting techniques include detecting DNS tunneling and Domain Generation Algorithms (DGAs). It used to be simple(r): log DNS requests and responses on DNS forwarders, or sniff and analyze via tools like Zeek.
DNS over TLS (DoT) and DNS over HTTPS (DoH) are disrupting the status quo: where does that leave network defenders? This talk will analyze the current state of DNS monitoring, and provide actionable steps for detecting malice on your network via DNS.
Eric Conrad @eric_conrad Fellow, SANS Institute
@NeonNotch 3 жыл бұрын
This man is part of the 1% of individuals. Highly intelligent, charismatic, easy to understand. Great talk, thank you!
@gitgudsec 2 ай бұрын
look, i don't usually fanboy over security instructors... but when i do it's eric conrad.
@Francois-B-Arthanas 3 жыл бұрын
Eric - You are amazing 🤩. Thank you 🙏 for everything you do for the Cyber community.
@sammo7877 3 жыл бұрын
I'm not going to get into the encrypted DNS debate - gets into the debate :D great talk btw!
@mohammadaassif Жыл бұрын
Sir Eric - You are amazing in your teaching method i am fun.
@vonniehudson 3 жыл бұрын
NULL records… taking that one home. Never knew about that
@sidss007 3 жыл бұрын
Your course on Building your own cyber lab is awesome.
@vonniehudson 3 жыл бұрын
@@sidss007 which one?
@dustyrose8010 2 жыл бұрын
@@vonniehudson hi I'm dusty
@mar002007 2 жыл бұрын
Is this the Nelson Sullivan’s Eric?
SANS Cyber Defense
Рет қаралды 13 М.
SANS Digital Forensics and Incident Response
Рет қаралды 31 М.
SANS Digital Forensics and Incident Response
Рет қаралды 14 М.