Texas Cyber Summit II

Passive DNS in Depth
Passive DNS (pDNS) data is a treasure trove of information for security teams, intelligence teams, network operations teams, and security research teams alike. By keeping an historical record of DNS results of time this data empowers many different teams to enrich and produce intelligence information for a variety of purpose. Merger and acquisition teams can look for internet facing, and sometimes internal, IT resources that may not have been declared. Blue teams can monitor for mis-configuration of DNS, research malware, develop threat signatures, and in many cases monitor for shadow IT. Red teams can use this information to exploit DNS misconfigurations, find additional assets, and pattern match target IT infrastructure. Security researchers are limited only by their imagination and time.
Passive BGP (pBGP) data can enable network operations teams to quickly spot problems. pBGP data is also useful to help determine if problems were a result of a simple misconfiguration or a part of a more nefarious operation.
Understanding the architecture and methodology of pDNS and pBGP is critical to end users of this data. By having a deeper understanding of the architecture (collection, storage, and query methodologies), individuals and teams will be more able to fully capitalize on the enrichment and context building capabilities of the data. As well as architecture, this course will cover a variety of scenarios for organizations of all sizes and maturity to help enable the use and integration of pDNS and pBGP data as a part of security and network operations.