Loading Events

« All Events

DNS Threat Intel

June 23, 2019 @ 9:00 am 5:00 pm

Abstract

DNS is the one of the basic layers that holds the Internet together. Without it, not much else works… even malware. In this training we will focus on how to use DNS to the advantage of defending networks. With good techniques it is possible to find a great deal of misuse based on DNS such as DGAs, fast/double flux networks, phishing, and brand impersonation. Tools like passive DNS, whois, and active probing allow defenders to proactively search for malicious indicators before they are operationalized so defenders can get ahead of the attack cycle. This is a training on the usage of DNS for malware hunting, detection of new infrastructure, discovery of new network assets and other “research” type of products. In this training we will focus on hands on labs while covering also some theory and history of DNS.

Intended Audience

Network analysts and defenders, SOC analysts, Incident responders Red teamers and pen testers LE Anyone who is interested in learning a new skillset that will allow them to get ahead of their adversaries

Pre-requisites

Basic scripting (Bash/Python)
Basic understanding of networking and malware life cycle
Laptop capable of Running bash / connecting to ssh

Outline/Syllabus

  • Gathering data using DNS
  • Overview of whois information and effects of GDPR
  • Overview of passive DNS (pDNS)
  • Tools
  • Advanced “Research” Topics
    • Pivoting
    • DGAs
    • Malicious domain detection

Trainer Bio

Irena Damsky is the Head of End Point Detection for Palo Alto Networks and the founder of Damsky.tech a CTI Research, Training and Consulting firm. She is a security and intelligence researcher and developer based in Israel. Her focus is on threat intelligence, networking, malware & data analysis and taking out bad guys while trying to make the internet a safer place for all.
Twitter: @DamskyIrena

Details

Date:
June 23
Time:
9:00 am – 5:00 pm
Cost:
$850
Website:
https://tickets.bsidestlv.com/bsidestlv/bsidestlv/1/

Organizer

Irena Demsky

Naftali Building – Faculty of Social Sciences

Tel Aviv University
Tel Aviv, Israel
+ Google Map

Training Terms & Conditions

  • Training requires a minimum of 10 participants and no more than 25 per classroom.
  • Training session confirmation will be sent June 1st 2019.
  • Cancellation and refunds will not be available once session has been confirmed.
  • Questions? [email protected]
  • Full terms can be found at https://bsidestlv.com/trainingterms/