Detecting Phishing from pDNS

Passive DNS (pDNS) has been utilised by threat researchers for several years and allows us to gather information on domain usage worldwide. Since data fidelity varies depending upon the scope, timeline, and vantage point of sensor networks, pDNS visibility provides a multitude of different and exciting results for analysts to review.

In this presentation we will quickly recap DNS and pDNS, review different approaches to detecting phishing using pDNS and focus on demonstrating different heuristics and operational procedures that can help increase actual detection while minimizing false positives.

This was presented at Security Fest 2018.

Speakers: Irena Damsky
 