TH-3011 Passive DNS & pBGP in Depth Lab

Presented at Texas Cyber Summit 2019, Oct. 10, 2019, 1 p.m. (240 minutes)

Passive DNS in Depth

Passive DNS (pDNS) data is a treasure trove of information for security teams, intelligence teams, network operations teams, and security research teams alike. By keeping a historical record of DNS results over time, this data lets many different teams enrich and produce intelligence for a variety of purposes. Merger and acquisition teams can look for internet-facing, and sometimes internal, IT resources that may not have been declared. Blue teams can monitor for DNS misconfiguration, research malware, develop threat signatures, and in many cases monitor for shadow IT. Red teams can use this information to exploit DNS misconfigurations, find additional assets, and pattern-match target IT infrastructure. Security researchers are limited only by their imagination and time.

Passive BGP (pBGP) data enables network operations teams to quickly spot problems. pBGP data is also useful for determining whether a problem was the result of a simple misconfiguration or part of a more nefarious operation.

Understanding the architecture and methodology of pDNS and pBGP is critical for end users of this data. With a deeper understanding of the architecture (collection, storage, and query methodologies), individuals and teams will be better able to capitalize on the enrichment and context-building capabilities of the data. Beyond architecture, this course covers a variety of scenarios for organizations of all sizes and maturity levels to help enable the use and integration of pDNS and pBGP data as part of security and network operations.
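The use cases above (asset inventory for M&A, shadow IT, DNS misconfiguration leads, and spotting an origin-AS change in pBGP) can all be answered with a few queries over historical records. The following is an added example written for this page, not material from the lab or from Open Source Context. It runs over a small constructed data set; the pDNS field names (rrname, rrtype, rdata, time_first, time_last, count) are an assumption modelled on the passive DNS Common Output Format draft, the BGP record shape is likewise assumed, and all addresses, names and ASNs are documentation ranges and private ASNs, not real observations.

```python
"""Added example, not part of the TH-3011 lab: mining a constructed
passive DNS / passive BGP data set for the use cases in the abstract.
Field names are an assumption modelled on the passive DNS Common Output
Format draft; the BgpRoute shape is likewise assumed for illustration."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class PdnsRecord:
    rrname: str      # owner name, e.g. "vpn.example.com"
    rrtype: str      # A, AAAA, CNAME, ...
    rdata: str       # resolved value
    time_first: int  # unix time of first observation
    time_last: int   # unix time of last observation
    count: int       # number of observations


@dataclass(frozen=True)
class BgpRoute:
    prefix: str      # announced prefix
    origin_asn: int  # origin AS of the announcement
    time_seen: int   # unix time the announcement was observed


# Constructed sample data: documentation ranges and private ASNs only.
PDNS = [
    PdnsRecord("www.example.com", "A", "203.0.113.10", 1546300800, 1570000000, 12000),
    PdnsRecord("mail.example.com", "A", "203.0.113.25", 1546300800, 1570000000, 8000),
    PdnsRecord("vpn.example.com", "A", "203.0.113.50", 1549000000, 1570000000, 500),
    PdnsRecord("crm.example.com", "A", "198.51.100.77", 1560000000, 1570000000, 40),
    PdnsRecord("shop.example.com", "CNAME", "shop-prod.cdn.example.net", 1556000000, 1570000000, 900),
    PdnsRecord("shop-prod.cdn.example.net", "A", "192.0.2.9", 1556000000, 1570000000, 900),
    PdnsRecord("old-blog.example.com", "CNAME", "example-blog.hosting.example.org", 1500000000, 1520000000, 300),
    PdnsRecord("dev-acme.example.com", "A", "203.0.113.200", 1520000000, 1530000000, 20),
]
BGP = [
    BgpRoute("203.0.113.0/24", 64500, 1546300800),
    BgpRoute("203.0.113.0/24", 64500, 1560000000),
    BgpRoute("203.0.113.0/24", 64511, 1569000000),  # origin flips: misconfig or hijack, triage it
    BgpRoute("203.0.113.0/24", 64500, 1569003600),
    BgpRoute("198.51.100.0/24", 64501, 1546300800),
]


def _under(name, apex):
    return name == apex or name.endswith("." + apex)


def hosts_under(records, apex):
    """Every owner name ever seen under the apex: the asset inventory pDNS yields."""
    return sorted({r.rrname for r in records if _under(r.rrname, apex)})


def outside_known_ranges(records, apex, known_nets):
    """A/AAAA answers under the apex outside the declared address space:
    leads for shadow IT or undeclared cloud hosting."""
    nets = [ip_network(n) for n in known_nets]
    hits = []
    for r in records:
        if r.rrtype in ("A", "AAAA") and _under(r.rrname, apex):
            if not any(ip_address(r.rdata) in n for n in nets):
                hits.append((r.rrname, r.rdata))
    return sorted(hits)


def cnames_without_target(records, apex):
    """CNAMEs under the apex whose target never resolved to an address in the
    data set. Only a lead for a dangling alias; confirm with live queries."""
    records = list(records)
    resolved = {r.rrname for r in records if r.rrtype in ("A", "AAAA")}
    return sorted((r.rrname, r.rdata) for r in records
                  if r.rrtype == "CNAME" and _under(r.rrname, apex)
                  and r.rdata not in resolved)


def inactive_since(records, apex, cutoff):
    """Names under the apex not observed since the cutoff: retired systems
    whose DNS entries may still be lying around."""
    last = {}
    for r in records:
        if _under(r.rrname, apex):
            last[r.rrname] = max(last.get(r.rrname, 0), r.time_last)
    return sorted(n for n, t in last.items() if t < cutoff)


def origin_changes(routes):
    """Per prefix, the time-ordered sequence of distinct origin ASNs; any
    prefix with more than one entry needs a look (misconfiguration or hijack)."""
    by_prefix = {}
    for r in sorted(routes, key=lambda r: r.time_seen):
        seq = by_prefix.setdefault(r.prefix, [])
        if not seq or seq[-1] != r.origin_asn:
            seq.append(r.origin_asn)
    return {p: s for p, s in by_prefix.items() if len(s) > 1}
```

Each function returns a lead, not a verdict: an A record outside the known ranges may be legitimate cloud hosting, an unresolved CNAME target may simply be absent from this collector's view, and an origin flip that reverts within the hour is as consistent with a fat-fingered configuration as with a hijack. The point the course makes is that the historical record lets you ask these questions at all; confirming them is active work.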

Presenters:

  • Donald Mac McCarthy - Open Source Context
    Mac is a 17-year veteran of the IT industry. He has worked for organizations ranging in size from 10 to 200,000+ employees. Mac has been involved in information security for the past 9 years with organizations in the academic, healthcare, financial, and public sectors. Mac is a Linux enthusiast with a passion for using large compute clusters to help solve the most challenging problems in security analytics. He has given presentations globally on business email compromise and credential stuffing. Mac currently serves as the Director of Field Operations for Open Source Context.
