
Abstract

Thursday 6 October 09:00 - 09:30, Green room

Kathy Wang (Splunk)
Steve Brant (Splunk)

Currently, many security operations capabilities struggle with obtaining useful passive DNS data post breach. Breaches are often detected months after the attack. Due to the ephemeral nature of malicious DNS domains, existing well-known passive DNS collections lack complete visibility to aid in conducting incident response and malware forensics.

We will present a new tool to collect local passive DNS data, which will enable security operations capabilities to conduct more effective defence against malware, including APTs, zero days, and targeted attacks. Our presentation will consist of a demo of the tool, and the tool will be released for public use. We will also outline how we architected this tool, and describe each function of the tool in detail.
