NOV Riverbank Park Plaza, London
The talk will take a retrospective look at the techniques, tactics and procedures along with what's, why's and how's of a DNS espionage campaign from 2018 and 2019.
This analysis will include a summary the work we did within NCSC to understand the global underpinnings of DNS from registries, registrars, name server operators to anycast providers in order to ascertain its attack surface.
We will then then go on to discuss the design, implementation and effectiveness of the framework we built in response to detect indicators of interest from both DNS directly and other sources. The techniques developed can be used to aid in the detection of hijacking, as seen in the DNS espionage campaigns, as well as various other actors and techniques.
We will show the data sources, how we ingest, enrich and consume. We will also provide a qualitative analysis of its efficacy.
Finally, we'll share a few other analyst techniques we've identified along the way for investigating bad actor use of DNS.
Thomas G - Head of Industry Analysis, NCSC Operations London
Ollie Whitehouse - Global CTO, NCC Group (and also part of Industry 100 within NCSC Operations London)
More information here: https://content.sans.org/sites/default/files/2019-08/CT_Agenda_v4.pdf