

This webcast has been archived.

Making DNS Your Greatest Ally in Active Defense

  • Thursday, September 03, 2015 at 1:30 PM EDT (2015-09-03 17:30:00 UTC)
  • Dave Shackleford, Tim Helming


  • DomainTools




The nature of attacks against our infrastructure and applications has changed. Attacks today are more targeted, and the more advanced adversaries use sophisticated distributed networks to attack and control compromised systems. At the same time, our own environments keep growing more complex and more spread out. Even the stealthiest and most advanced attackers leave some trail behind them, though, and it's up to us to find these breadcrumbs and defend against the attackers in any way possible. Fortunately, DNS and Open Source Intelligence (OSINT) offer us a wealth of data about attacks and attackers.

In this webcast, we'll cover:

  • A brief timeline of attacker techniques, focusing on different styles of command and control, as well as data exfiltration
  • Current examples of breaches and attack scenarios where DNS and domain profile information could have helped detect or prevent the attacks
  • Specific indicators of attack and potential compromise that can be found in DNS, both internally and externally
  • Ways to better defend against attacks and data exfiltration using DNS and large-scale threat intelligence

Speaker Bios

Dave Shackleford

Dave Shackleford is the owner and principal consultant of Voodoo Security and a SANS analyst, senior instructor, and course author. He has consulted with hundreds of organizations in the areas of security, regulatory compliance, and network architecture and engineering, possessing extensive experience designing and configuring secure infrastructures. He has previously worked as CSO for Configuresoft, CTO for the Center for Internet Security, and as a security architect, analyst, and manager for several Fortune 500 companies. Dave is the author of the Sybex book Virtualization Security, the coauthor of Hands-On Information Security from Course Technology, and currently serves on the board of directors at the SANS Technology Institute and helps lead the Atlanta chapter of the Cloud Security Alliance.

Tim Helming

Tim Helming, DomainTools Director of Product Management, has over 14 years of experience in cybersecurity, from network to cloud to application attacks and defenses. At WatchGuard, he helped define and launch some of the best-selling SMB security appliances in the market. At Symform, he led definition and product evangelism efforts for that company's unique peer-to-peer cloud storage solution. Tim has spoken at security conferences, media events, and technology partner conferences worldwide.
