HUNTING MALICIOUSNESS USING DNS

Price: €925
Date: September 16, 2021
Duration: 1 day
Level: Medium


Trainer

Irena Damsky

Irena Damsky is the founder of Damsky.tech.
She is a security and intelligence researcher and developer based in Israel. Her focus is on threat intelligence, networking, malware and data analysis and taking out bad guys, while also running the company and providing different services.
Prior to starting Damsky.tech, Irena was VP of Security Research for a US-based startup, established the Threat Intelligence group for Check Point Software and served over six years in the Israeli Intelligence Forces, where she now holds the rank of Captain in the Reserve Service. She is a frequent speaker at security events, holds a BSc and MSc in Computer Science, and is fluent in English, Russian and Hebrew.

About the training

DNS is one of the basic layers that holds the internet together. Without it, not much else works... not even malware. In this training course we will focus on how to use DNS to the advantage of defending networks. With good techniques it is possible to find a great deal of misuse based on DNS such as DGAs, fast/double flux networks, phishing and brand impersonation. Tools like passive DNS, whois and active probing allow defenders to proactively search for malicious indicators before they are operationalized so defenders can get ahead of the attack cycle.

The training focuses on the use of DNS for malware hunting, detection of new infrastructure, discovery of new network assets and other “research” type products. There is an emphasis on hands-on labs while also covering some theory and history of DNS. Multiple topics are available and can be tailored to the class based on their interest.

Key takeaways

• DNS for malware hunting
• Learn about all the resources you can use for DNS analysis
• Discover malicious activity through DNS data

Prerequisites: None