This course covers the operation, threats, and security intelligence related to the Domain Name System (DNS). By the end of the course, learners will be able to understand DNS amplification attacks, proper DNS server configuration, prevention of blind transfers, domain hijacking, DNS security use cases, SSL traffic correlation challenges, threat intelligence using DNS data, forensic investigations related to DNS, detection of DNS data exfiltration, and conducting threat intelligence research. The course utilizes videos from Louisville InfoSec 2016 and is intended for individuals interested in cybersecurity, network administration, or threat intelligence analysis.
Overview
Syllabus
Intro
DOMAIN NAME SYSTEM Operation, Threats, and Security Intelligence
AMPLIFICATION ATTACK PROCESS
PROPER DNS SERVER CONFIGURATION
YOU ARE NOT AN ISP Unless, of course, you are ONLY PROVIDE RESPONSES FOR DOMAINS YOU OWN
BLIND TRANSFERS ARE BAD
DOMAIN HIJACKING
HOW DO WE STOP THIS?
DNS SECURITY USE CASES
SSL TRAFFIC CORRELATION Problem Reading encyrpted requests is hard
THREAT INTELLIGENCE USING DNS DATA DNS lookups for known malicious sites Hosting providers associated with ransomware
FORENSIC INVESTIGATIONS
DNS DATA EXFILTRATION Detect DNS tunneling - abnormally high number of lookups for a single domain
THREAT INTELLIGENCE RESEARCH
