Increasing Awareness of DNS Hijacking: A Growing Cyber Threat
Read more about DNS hijacking and how organizations can prevent it.
Remember when Igor Kuznetsov and Costin Raiu announced that two of the victims in FireEye’s SUNBURST IOC list were ***net.***.com and central.***.gov on Kaspersky’s Securelist blog in December? Reuters later reported that these victims were Cox Communi… Continue reading Twenty-three SUNBURST Targets Identified
I published the following diary on isc.sans.edu: “Running your Own Passive DNS Service”: Passive DNS is not new but remains a very interesting component to have in your hunting arsenal. As defined by CIRCL, a passive DNS is “a database storing historical DNS records from various resources. The historical data
[The post [SANS ISC] Running your Own Passive DNS Service has been first published on /dev/random]
Passive DNS is not a new technique but, over the last months, there has been more and more noise around it. Passive DNS is a technique used to record all resolution requests performed by DNS resolvers (the bigger they are, the more they will collect) and then allow searching for historical data.
[The post Passive DNS for the Bad has been first published on /dev/random]
I published the following diary on isc.sans.org: “Investigating Security Incidents with Passive DNS”. Sometimes when you need to investigate a security incident or to check for suspicious activity, you become frustrated because the online resource that you’re trying to reach has already been cleaned. We cannot blame system administrators and
[The post [SANS ISC] Investigating Security Incidents with Passive DNS has been first published on /dev/random]