At this month's PLUG Security meeting:
Donald McCarthy: passiveDNS for Fun and Profit (Part 1)
For more information:
If your DNS infrastructure has a bad day, your network has a bad day. If your DNS infrastructure has a good day, something else is bound to go wrong. PassiveDNS generally won't help you fix either.
PassiveDNS is a historical record of observed DNS queries over time. It is akin to The Internet Archive's Wayback Machine, but for DNS zones. As an operations and security tool it is valuable, and not easily replaced by any other type of data.
In this presentation we will cover exactly what passiveDNS is and isn't, passiveDNS architecture, some security use cases, and, if time allows, some live demonstration.
In Part 2 of the presentation (in another month) I will demonstrate some passiveDNS tooling and more in-depth practical knowledge to turn the theoretical use cases into automated assistance for a SOC or NOC.
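As an added illustration of the "Wayback Machine for DNS" idea above (this is not material from the talk or from any passiveDNS product), here is a minimal passive DNS store over a constructed set of observed answers. It keeps a first-seen/last-seen window per (name, type, rdata) tuple and supports both the forward history view and the reverse "which names pointed at this address" lookup; the `PassiveDNS` class, `build_store` and the sample observations are all hypothetical.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample of observed DNS answers as (timestamp, rrname, rrtype, rdata); made-up values.
OBSERVED = [
    ("2023-01-03T10:00:00", "cdn.example.net", "A", "192.0.2.10"),
    ("2023-01-15T08:30:00", "cdn.example.net", "A", "192.0.2.10"),
    ("2023-02-01T12:00:00", "cdn.example.net", "A", "192.0.2.44"),
    ("2023-02-02T09:15:00", "login.example.net", "A", "192.0.2.44"),
    ("2023-02-20T17:45:00", "cdn.example.net", "A", "192.0.2.44"),
]

class PassiveDNS:
    """Minimal passive DNS store: one record per (rrname, rrtype, rdata) tuple
    holding first_seen/last_seen, plus a reverse index keyed by rdata."""

    def __init__(self):
        self.records = {}                 # (rrname, rrtype, rdata) -> record
        self.by_rdata = defaultdict(set)  # rdata -> set of record keys

    def observe(self, ts, rrname, rrtype, rdata):
        # Fold one observed answer into the store, widening its time window.
        when = datetime.fromisoformat(ts)
        key = (rrname.lower().rstrip("."), rrtype, rdata)
        rec = self.records.setdefault(
            key, {"rrname": key[0], "rrtype": rrtype, "rdata": rdata,
                  "first_seen": when, "last_seen": when})
        rec["first_seen"] = min(rec["first_seen"], when)
        rec["last_seen"] = max(rec["last_seen"], when)
        self.by_rdata[rdata].add(key)

    def history(self, rrname):
        # All answers ever observed for a name, oldest first (the "Wayback" view).
        name = rrname.lower().rstrip(".")
        recs = [r for (n, _, _), r in self.records.items() if n == name]
        return sorted(recs, key=lambda r: r["first_seen"])

    def resolved_to_at(self, rrname, ts):
        """rdata values whose observation window covers the given instant."""
        when = datetime.fromisoformat(ts)
        return sorted(r["rdata"] for r in self.history(rrname)
                      if r["first_seen"] <= when <= r["last_seen"])

    def names_for(self, rdata):
        """Reverse lookup: every name ever seen answering with this rdata."""
        return sorted({k[0] for k in self.by_rdata.get(rdata, ())})

def build_store(observations=OBSERVED):
    store = PassiveDNS()
    for ts, name, rtype, data in observations:
        store.observe(ts, name, rtype, data)
    return store
```

Querying a date that falls between two observation windows returns nothing, which is the core caveat of the data: passive DNS records only what was seen, so an empty result means "not observed", not "did not resolve".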
Donald "Mac" McCarthy is a 15-year veteran of the IT industry, with the last 8 years focused on InfoSec. He has worked on a variety of different systems ranging from cash registers to supercomputers. It was while serving as a systems administrator for a scientific computing cluster that he discovered his passion for using Linux for highly distributed, complex tasks. His current focus is using Linux with open source technologies like Kafka and Elasticsearch to build tooling for security analysts and network operations. He is a proud veteran of the United States Army and recently relocated from Atlanta to the East Valley.