Course level: Intermediate
Intended Audience: Malware analysts, hunters, soc analysts, network analysts, IR handlers and anyone interested in learning how to use DNS to their advantage.
Pre-requisites: Basic understanding on networking.
Abstract:
DNS is the one of the basic layers that holds the Internet together. Without it, not much else works... even malware. This three-hour presentation is focused on how to use DNS to the advantage of defending networks. With good techniques it is possible to find a great deal of misuse based on DNS such as DGAs, fast/double flux networks, phishing, and brand impersonation. Tools like passive DNS, whois, and active probing allow defenders to proactively search for malicious indicators before they are operationalized so defenders can get ahead of the attack cycle.
Presenter:
Irena Damsky is the founder of Damsky.tech – CTI Research, Training and Consulting. She is a security and intelligence researcher and developer based in Israel. Her focus is on threat intelligence, networking, malware & data analysis and taking out bad guys as she is running the company and provides the different services.
Prior to starting Damsky.tech, Irena held different roles in the industry from ranging from Threat intelligence leader to VP of Security Research and served over six years in the Israeli Intelligence Forces, where she now holds the rank of Captain in the Reserve Service. She is a frequent speaker at security events, holds a BSc and MSc in Computer Science, and is fluent in English, Russian, and Hebrew.
Website: https://damsky.tech
Twitter: @DamskyIrena
LinkedIN: https://www.linkedin.com/in/irenadam/
January 23, 2019 09:00-10:30, January 23, 2019 10:45-12:00
