In this three-part webinar series, Farsight Security and CIRCL provide an overview of Farsight's Passive DNS data and show how historical, objective Passive DNS observations can be used to uncover malicious activity going back in time. Using practical use cases, we demonstrate how to gather the same evidence using the Farsight passive DNS module from within the MISP platform and how to share the findings with the community.

An Introduction to Passive DNS for Threat Hunting Part I – CRAWL

Bad actors can create, use, and discard domain names for malicious campaigns within minutes. Starting with a single suspicious domain or IP address, security professionals can use historical Passive DNS to gain previously unknown information about related DNS assets. This helps identify the infrastructure used in cyberattacks, so organizations can respond more quickly and protect against fast-moving online threats, ranging from phishing to nation-state attacks.

In this webinar, Farsight Security provides an introduction to Passive DNS and popular use cases for threat hunting, brand protection and other cybersecurity-related activities. In addition, we will provide an overview of MISP – a powerful open-source threat sharing platform for sharing, storing and correlating indicators of compromise of targeted attacks, threat intelligence, financial fraud information, vulnerability information or even counter-terrorism information. Then, we will demonstrate how Farsight DNSDB, integrated with MISP, can advance your cyber investigations.

What you will learn:

  • Introduction and practical use cases of Passive DNS
  • Overview and usage of MISP
  • Improve your investigations by leveraging the integration of Farsight DNSDB in MISP

Exploring Real-World Use Cases to Advance Cyber Investigations Part II – WALK

In Part I of our three-part webinar series, we provided an introduction to using Passive DNS for threat hunting, as well as an overview of Farsight DNSDB, the world’s largest historical passive DNS database, and MISP, a powerful open-source threat sharing platform for sharing, storing and correlating indicators of compromise of targeted attacks, threat intelligence, financial fraud information, vulnerability information or even counter-terrorism information. In Part II of this three-part webinar series, we share several real-world examples using both Farsight DNSDB and MISP in your investigations.

What you will learn:

  • Benefits of using Farsight DNSDB’s MISP integration
  • Review of real-world examples

Advanced Threat Hunting Techniques Part III – RUN

In Part II of this three-part webinar series, we shared several real-world examples of how you can use the combined power of both Farsight DNSDB and MISP in your investigations. In Part III of this three-part webinar series, we take a deep dive into a well-known incident of the past, the 2013 New York Times compromise, using the combined power of Farsight DNSDB and MISP. In this example, we will show how you can use passive DNS data to investigate events that occurred a long time ago, even if only for a short period of time. We’ll show you how to look for common patterns to identify similarities in Tactics, Techniques and Procedures (TTPs) of the malicious actors.

What you will learn:

  • How to investigate very old events based on a well-known incident
  • How to search for common patterns to identify similarities in TTPs