One More Week for MacBook Air, $400 Amazon Gift Card, or Take $400 Off with OnDemand Training


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

How to Use Historical Passive DNS for Defense Investigations and Risk Assessments

  • Wednesday, April 21, 2021 at 10:30 AM EDT (2021-04-21 14:30:00 UTC)
  • Dave Shackleford, Ben April


  • Farsight Security

You can now attend the webcast using your mobile device!



While there is value in real-time DNS data, passive DNS offers a wealth of historical DNS records analysts can use to gain valuable insight into changes over time. These changes provide the key context needed to identify risks and respond to security threats. In this webcast, SANS analyst Dave Shackleford reviews Farsight Security's Passive DNS Database (DNSDB), a passive DNS data service designed to help investigators enhance the efficiency and effectiveness of their threat hunting investigations and take action on threats.

By walking through five timely and relevant uses cases, Shackleford puts DNSDB to the test and shares his experiences using DNSDB service to:

  • Install and use DNSDB Scout, a comprehensive dashboard which enables users to create DNSDB queries from a web browser.
  • Create both simple keyword searches and regular expression searches using Flexible Search and DNSDB command line.
  • Apply time fencing, sorting, and other parameters to limit query results to just the data you want.
  • Use the context of search results to lower the risks of incidents, such as phishing and malware infections, and improve mail defense.
  • Evaluate exposure of third-party vendors and identify their customer base as part of procurement.

Register today and be among the first to receive associated whitepaper written by Dave Shackleford.

Speaker Bios

Dave Shackleford

Dave Shackleford, a SANS analyst, senior instructor, course author, GIAC technical director and member of the board of directors for the SANS Technology Institute, is the founder and principal consultant with Voodoo Security. He has consulted with hundreds of organizations in the areas of security, regulatory compliance, and network architecture and engineering. A VMware vExpert, Dave has extensive experience designing and configuring secure virtualized infrastructures. He previously worked as chief security officer for Configuresoft and CTO for the Center for Internet Security. Dave currently helps lead the Atlanta chapter of the Cloud Security Alliance.

Ben April

Ben April is the Chief Technology Officer at Farsight Security, Inc. Prior to joining Farsight Security, Mr. April spent eight years at Trend Micro, where he became the Americas regional manager of the forward-looking threat research team. He has presented to security conferences on five continents, covering topics like Bitcoin, NFC, operational security, and infrastructure security. Mr. April has built research systems for collecting and aggregating data, from Whois and the Bitcoin block-chain to the global routing table. His current crusade is to eliminate the technical and policy barriers that impede data-sharing among white-hat security researchers. Mr. April is also a volunteer sysadmin and coder for some trusted-community security projects.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.