
Detecting Phishing from pDNS
Talk
Passive DNS (pDNS) has been utilized by threat researchers for several years and allows us to gather information on domain usage worldwide. Since data fidelity varies depending upon the scope, timeline, and vantage point of sensor networks, pDNS visibility provides a multitude of different and exciting results for analysts to review. In this presentation we will quickly recap DNS and pDNS, review different approaches to detecting phishing using pDNS, and focus on demonstrating different heuristics and operational procedures that can help increase actual detection while minimizing false positives.

Thinking Behind Enemy Lines – Actionable Threat Intelligence Tools and Techniques
Training
Security long ago became more than just malware reverse engineering. To defend your organization, you need to analyze your adversary's intent, opportunities and capabilities. The tools and skills needed are not only deeply technical, but also require one to leverage available intelligence and counterintelligence information and know how to make the most of it.
To become a good intelligence analyst, you need to acquire a different way of thinking: an analytical mindset, which requires getting acquainted with field-proven intelligence techniques and methodologies. These will serve as the basis for doing your daily analysis tasks in a much more productive and sophisticated way.
In this course, which will include both lectures and hands-on training, we will learn how to look beyond the malware itself in order to dig up information on the infrastructure and actor behind it. We will understand the adversary's intents, way of thinking and the risk it poses to our threat model, in order to develop the best protections and mitigations. We will get familiarized with tools for gaining insight into the attacker's workflow and learn how to integrate those into the organization. Students will be able to go back to their organization and immediately start utilizing the lessons learned to proactively defend their network.

Hunting maliciousness using DNS
Training
DNS is one of the basic layers that holds the Internet together. Without it, not much else works... even malware. In this training we will focus on how to use DNS to the advantage of defending networks. With good techniques it is possible to find a great deal of misuse based on DNS, such as DGAs, fast/double flux networks, phishing, and brand impersonation. Tools like passive DNS, whois, and active probing allow defenders to proactively search for malicious indicators before they are operationalized, so defenders can get ahead of the attack cycle.
This is a training on the usage of DNS for malware hunting, detection of new infrastructure, discovery of new network assets and other "research"-type products. In this training we will focus on hands-on labs while also covering some theory and history of DNS. There are multiple topics available, and the material can be tailored to the class based on its interests.

Using DNS to your advantage
Workshop
DNS is one of the basic layers that holds the Internet together. Without it, not much else works... even malware. This two/three-hour presentation is focused on how to use DNS to the advantage of defending networks. With good techniques it is possible to find a great deal of misuse based on DNS, such as DGAs, fast/double flux networks, phishing, and brand impersonation. Tools like passive DNS, whois, and active probing allow defenders to proactively search for malicious indicators before they are operationalized, so defenders can get ahead of the attack cycle.