ANOTHER Log to Analyze - Utilizing DNS to Identify Malware presented at BSideSLA 2013

by Nathan Magniez

Summary: DNS logs are an often overlooked asset in identifying malware in your network. The purpose of this talk is to identify malware in the network through establishing DNS query and response baselines, analysis of NXDOMAIN responses, analysis of successful DNS lookups, and identifying domain name anomalies. This talk will give you the basics of what to look for in your own unique environment.