Building a Local Passive DNS Tool for Threat Intelligence Research

DEF CON 24

Presented by: Kathy Wang
Date: Sunday August 07, 2016
Time: 11:10 - 12:00
Location: Packet Hacking Village

Currently, many Security Operations capabilities struggle with obtaining useful passive DNS data post breach. Breaches are often detected months after the attack. Due to the ephemeral nature of malicious DNS domains, existing well-known passive DNS collections lack complete visibility to aid in conducting incident response and malware forensics. We will present a new tool to collect local passive DNS data, which will enable security operations capabilities to conduct more effective defense against malware, including APTs, zero days, and targeted attacks. Our presentation will consist of a demo of the tool, and the tool will be released for public use.
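To make the "local passive DNS" idea concrete, here is an added example of a minimal collector; it is not the tool presented in the talk and is not Splunk's or the speaker's code. It parses raw DNS response messages as they would be captured from a network sensor, records each answer as (qname, rtype, rdata) with first-seen, last-seen and a hit count, and answers the two questions an incident responder asks months after the fact: what did this domain resolve to on our network, and which names pointed at this IP. The sample messages are constructed inline with a small encoder so the block runs offline; the `PassiveDns` class, its method names and the example domains are assumptions for illustration.

```python
"""Minimal local passive DNS collector (added example; not the talk's released tool)."""
import struct
from dataclasses import dataclass

TYPE_NAMES = {1: "A", 5: "CNAME", 28: "AAAA"}


def read_name(msg: bytes, offset: int) -> tuple[str, int]:
    """Decode a DNS name at offset, following RFC 1035 compression pointers.
    Returns (name, offset just past the name as it appears in the stream)."""
    labels, jumped, end = [], False, offset
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:  # two-byte pointer into an earlier name
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped, offset = True, pointer
            continue
        offset += 1
        if length == 0:
            if not jumped:
                end = offset
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels).lower(), end


def parse_answers(msg: bytes) -> list[tuple[str, str, str]]:
    """Return (qname, rtype, rdata) for every answer RR in a DNS response.
    Queries (QR bit clear) carry no resolutions and are skipped."""
    _tid, flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    if not flags & 0x8000:
        return []
    offset = 12
    for _ in range(qd):  # skip the question section
        _, offset = read_name(msg, offset)
        offset += 4  # QTYPE + QCLASS
    records = []
    for _ in range(an):
        name, offset = read_name(msg, offset)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        raw = msg[offset:offset + rdlen]
        if rtype == 1 and rdlen == 4:
            rdata = ".".join(str(b) for b in raw)
        elif rtype == 28 and rdlen == 16:
            rdata = ":".join(f"{raw[i]:02x}{raw[i + 1]:02x}" for i in range(0, 16, 2))
        elif rtype == 5:
            rdata, _ = read_name(msg, offset)  # CNAME target may use compression
        else:
            rdata = raw.hex()
        offset += rdlen
        records.append((name, TYPE_NAMES.get(rtype, str(rtype)), rdata))
    return records


@dataclass
class PdnsEntry:
    first_seen: int
    last_seen: int
    count: int = 1


class PassiveDns:
    """In-memory passive DNS store keyed on (qname, rtype, rdata)."""

    def __init__(self) -> None:
        self.db: dict[tuple[str, str, str], PdnsEntry] = {}

    def observe(self, msg: bytes, ts: int) -> int:
        """Ingest one captured response at unix time ts; returns answers recorded."""
        keys = parse_answers(msg)
        for key in keys:
            entry = self.db.get(key)
            if entry is None:
                self.db[key] = PdnsEntry(ts, ts)
            else:
                entry.first_seen = min(entry.first_seen, ts)
                entry.last_seen = max(entry.last_seen, ts)
                entry.count += 1
        return len(keys)

    def lookup(self, domain: str) -> list[tuple[str, str, int, int, int]]:
        """Forward pivot: every rdata this name resolved to, with timing."""
        return sorted((rt, rd, e.first_seen, e.last_seen, e.count)
                      for (q, rt, rd), e in self.db.items() if q == domain.lower())

    def lookup_rdata(self, rdata: str) -> list[tuple[str, str, int, int, int]]:
        """Reverse pivot: which names pointed at this IP or CNAME target."""
        return sorted((q, rt, e.first_seen, e.last_seen, e.count)
                      for (q, rt, rd), e in self.db.items() if rd == rdata.lower())


# --- constructed sample data (not captured traffic) ---------------------------
def encode_name(name: str) -> bytes:
    return b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"


def build_response(qname: str, answers: list[tuple[int, str]], tid: int = 0x1234) -> bytes:
    """Encode a DNS response; every answer owner name is a pointer to the question."""
    header = struct.pack("!6H", tid, 0x8180, 1, len(answers), 0, 0)
    question = encode_name(qname) + struct.pack("!HH", 1, 1)
    body = b""
    for rtype, rdata in answers:
        raw = bytes(int(x) for x in rdata.split(".")) if rtype == 1 else encode_name(rdata)
        body += b"\xc0\x0c" + struct.pack("!HHIH", rtype, 1, 300, len(raw)) + raw
    return header + question + body


if __name__ == "__main__":
    pdns = PassiveDns()
    pdns.observe(build_response("cdn.example.test", [(5, "edge.example.test"), (1, "203.0.113.10")]), 1000)
    pdns.observe(build_response("cdn.example.test", [(1, "203.0.113.10")]), 2000)
    print(pdns.lookup("cdn.example.test"))
    print(pdns.lookup_rdata("203.0.113.10"))
```

In a real deployment `observe` would be fed from a sniffer on UDP port 53 (or from a pcap) with the packet timestamp, and the dictionary would be replaced by a database so that the first-seen and last-seen columns survive a reboot; the value of keeping this locally is exactly the point the abstract makes: short-lived malicious domains that never reach a public passive DNS collection are still recorded if your own resolver traffic saw them.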

Kathy Wang

Kathy Wang (Twitter: @wangkathy) is an internationally recognized malware expert who has researched, developed, evaluated, and operationalized various solutions for detecting and preventing client-side attacks used by advanced persistent threats (APT) as they target common platforms (e.g., browser, email, mobile phones). Prior to Splunk, Kathy held positions such as Director of Research and Development at ManTech International, and Principal Investigator of the Honeyclient Project at The MITRE Corporation, during which she pioneered a prototype that became the basis of current cutting-edge zero-day malware detection technologies. Kathy has spoken at many security conferences and panels internationally, including RSA, DEF CON, AusCERT, and REcon. She has co-authored a book, Beautiful Security, and holds a BS and MS in Electrical Engineering from The University of Michigan, Ann Arbor.
