I recently came across this white paper, which focuses on the dynamic analysis of network indicators for threat detection. The paper is very easy to read, and I found some of the conclusions obtained from the research very surprising. The most revealing one is the fact that months before researchers have access or discovered a…
Tag: Passive DNS
Hunting down Threat Infrastructure (2, with PassiveTotal)
It’s been a while since I wrote the first post on threat infrastructure, and I believe it will be beneficial for you to first go through it, if you have not done so yet. This will set the context to understand the issues we are trying to solve here. The first post explained how attackers…
Hunting down Threat Infrastructure (1)
In this two-article series, I am going to explain how to spot anomalous activity in proxies and DNS queries coming out of your network. Additionally, I am also explaining how to recognize suspicious threat infrastructure, what elements you need to pay attention to, how this infrastructure behaves, what the challenges for the defender are and…
Security Intelligence: A Practitioner’s Guide to Solving Enterprise Security Challenges
This is another awesome book I recently found while trying to validate some knowledge for my next blog post. This is the definitive book to understand today’s malware distribution networks and how they operate. I have spent a considerable amount of time researching and working with technologies aimed at recognizing Malware Delivery Networks, and this is…