Detecting malicious activity and malware on a large network, presented at BsidesWinnipeg 2013

by Brandon Enright

Summary: This presentation will discuss the kinds of data sources available to network operators and to large companies running their own networks, and how to sort through that data to find abuse, malicious activity, and malware.
The bulk of the presentation will focus on detecting botnet Command and Control (C&C) traffic, but it will also cover drive-by exploits and related topics. A major focus will be transparent HTTP proxy logs (the kind produced by WebSense, BlueCoat, or Web Security Appliance), but mining other data sources, including passive DNS query data, will be covered as well.
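The two data sources named in the abstract, proxy logs and passive DNS, can be mined together for C&C detection. The script below is an added illustration, not code from the talk or from any of the named products: it runs a beaconing heuristic (regular inter-request intervals from one client to one destination) over constructed proxy log lines in a simplified W3C-style layout, flags domains in constructed passive DNS records that resolve to an unusually diverse set of IPs, and correlates the two. The log format, field order, host names, addresses, and thresholds are all assumptions chosen for the example.

```python
"""Beaconing plus passive-DNS IP-churn heuristics over constructed logs (added example)."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed proxy log in an assumed simplified layout:
# date time client_ip method host status bytes
PROXY_LOG = """\
2013-11-16 10:00:00 10.1.1.5 GET update.example-cdn.net 200 5120
2013-11-16 10:00:07 10.1.1.5 POST badhost.example 200 412
2013-11-16 10:05:07 10.1.1.5 POST badhost.example 200 410
2013-11-16 10:10:08 10.1.1.5 POST badhost.example 200 413
2013-11-16 10:15:07 10.1.1.5 POST badhost.example 200 409
2013-11-16 10:20:07 10.1.1.5 POST badhost.example 200 411
2013-11-16 10:02:13 10.1.1.7 GET news.example.org 200 83021
2013-11-16 10:03:41 10.1.1.7 GET news.example.org 200 12044
2013-11-16 10:31:02 10.1.1.7 GET news.example.org 200 40112
2013-11-16 10:32:55 10.1.1.7 GET news.example.org 304 0
2013-11-16 10:57:19 10.1.1.7 GET news.example.org 200 9001
"""

# Constructed passive DNS observations as (qname, rdata) pairs.
PASSIVE_DNS = [
    ("badhost.example", "203.0.113.10"),
    ("badhost.example", "198.51.100.77"),
    ("badhost.example", "192.0.2.45"),
    ("badhost.example", "203.0.113.200"),
    ("badhost.example", "198.51.100.8"),
    ("news.example.org", "192.0.2.10"),
    ("news.example.org", "192.0.2.11"),
    ("update.example-cdn.net", "192.0.2.100"),
]


def parse_proxy_log(text):
    """Parse the assumed whitespace-separated proxy log layout into dicts."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        date, time, client, method, host, status, size = line.split()
        rows.append({
            "ts": datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M:%S"),
            "client": client, "method": method, "host": host,
            "status": int(status), "bytes": int(size),
        })
    return rows


def beacon_candidates(rows, min_hits=5, max_cv=0.1):
    """Flag (client, host) pairs whose request gaps are nearly constant.

    The coefficient of variation (stdev / mean) of the inter-request gaps is
    low for timer-driven check-ins and high for human browsing.
    """
    by_pair = defaultdict(list)
    for r in rows:
        by_pair[(r["client"], r["host"])].append(r["ts"])
    flagged = {}
    for pair, times in by_pair.items():
        if len(times) < min_hits:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue
        cv = pstdev(gaps) / avg
        if cv <= max_cv:
            flagged[pair] = {"period_s": round(avg), "cv": round(cv, 4), "hits": len(times)}
    return flagged


def ip_churn(records, min_ips=4, min_prefixes=2):
    """Flag domains resolving to many distinct IPs across several /24s.

    Returns {qname: (distinct_ips, distinct_/24s)}; legitimate CDNs also match,
    so this is a signal to correlate, not a verdict on its own.
    """
    ips = defaultdict(set)
    for qname, rdata in records:
        ips[qname].add(rdata)
    out = {}
    for qname, addrs in ips.items():
        prefixes = {a.rsplit(".", 1)[0] for a in addrs}
        if len(addrs) >= min_ips and len(prefixes) >= min_prefixes:
            out[qname] = (len(addrs), len(prefixes))
    return out


def correlate(beacons, churn):
    """Clients beaconing to a domain that also rotates its IPs."""
    return sorted(f"{client} -> {host}" for (client, host) in beacons if host in churn)


if __name__ == "__main__":
    beacons = beacon_candidates(parse_proxy_log(PROXY_LOG))
    churn = ip_churn(PASSIVE_DNS)
    for hit in correlate(beacons, churn):
        print("suspected C&C:", hit)
```

On the constructed data only 10.1.1.5 talking to badhost.example survives both filters: its POSTs land every 300 seconds with almost no jitter, and the domain has resolved to five addresses in three /24s, while the news site's irregular gaps and the CDN's single hit drop out. In practice, NTP, AV update checks, and web mail polling also beacon, so a known-good destination list and a second signal such as the passive DNS churn above are what keep the alert volume manageable.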