Listen to SecurityHQ’s very own Chris Cheyne and Johnny Witt in their webinar, ‘Understand How to Threat Hunt DNS Covert Channel Indicators’.

Adversaries often communicate using DNS to avoid detection. They do this by blending in with existing traffic. Almost all APT threat actor groups have demonstrated indicators relating to the use of DNS as a covert channel. So, understanding threat hunting techniques over DNS logging is essential.

What You Will Learn

DNS firewall traffic analysis and anomaly detection
DNS controls bypassing
DNS log inspection for excessive subdomains, head length
How to spot encoded traffic over DNS
How to spot fast flux DNS
How to detect domain generation algorithms, which are used by many malware families
What to know about port 53 inbound Transmission Control Protocol (TCP)
The benefits of using specific tools for detection (IBM QRadar, Resilient and IBM X-Force) and more!