CRAWL, WALK, RUN series – Farsight Security / MISP webinars

In this three-parts webinar series Farsight Security and CIRCL will provide an overview of Farsight’s Passive DNS data, how historical Passive DNS objective observations can be used to uncover malicious activities going back in time. Using practical use cases, we will then demonstrate how to gather the same evidence using Farsight passive DNS module from within MISP platform, and share the findings with the community. We will leave plenty of time for you to follow the steps we demonstrate, as well as ask questions. 

An Introduction to Passive DNS for Threat Hunting Part I – CRAWL

Bad actors can create, use, and discard domain names for malicious campaigns within minutes. Starting with a single suspicious domain or IP address, security professionals can use historical Passive DNS to gain previously unknown information about related DNS assets to help identify the infrastructure used in cyberattacks to enable organizations to more quickly respond and protect against fast-moving online threats, ranging from phishing to nation-state attacks.

In this webinar, Farsight Security will provide an introduction to Passive DNS and popular use cases for threat hunting, brand protection and other cybersecurity-related activities. In addition, we will provide an overview of MISP – a powerful open-source threat sharing platform for sharing, storing and correlating Indicators of compromise of targeted attacks, threat intelligence, financial fraud information, vulnerability information or even counter-terrorism information. Then, we will demonstrate how Farsight DNSDB, integrated with MISP, can advance your cyber investigations.

What will attendees learn?

  • Introduction and practical use cases of Passive DNS
  • Overview and usage of MISP
  • Improve your investigations by leveraging the integration of Farsight DNSDB in MISP

Date Tuesday April 20th at 5 PM CET – Part I Registration

Farsight DNSDB and MISP: Exploring Real-World Use Cases to Advance Cyber investigations Part II – WALK

In Part I of our three-party webinar series, we provided an introduction to using Passive DNS for threat hunting as well as an overview, including an overview of Farsight DNSDB, the world’s largest historical passive DNS database and MISP, a powerful open-source threat sharing platform for sharing, storing and correlating Indicators of compromise of targeted attacks, threat intelligence, financial fraud information, vulnerability information or even counter-terrorism information. In Part Two of this three-part webinar series, we will share several real-world examples using both Farsight DNSDB and MISP in your investigations.

What will attendees learn?

  • Benefits of using Farsight DNSDB’s MISP integration
  • Review of real-world example

Date Tuesday May 4th at 5 PM CET – Part II Registration

Farsight DNSDB and MISP: Advanced Threat Hunting Techniques Part III – RUN

In Part II of this three-part webinar series, we shared several real-world examples how you can use the combined power of both Farsight DNSDB and MISP in your investigations. In Part III of this three-part webinar series, we will take a deep dive into a well-known incident of the past, the 2013 New York Times compromise using the combined power of Farsight DNSDB and MISP. In this example, we will show how you can use passive DNS data to investigate events that have occurred long time ago, even if for a short period of time. We’ll show you how to look for common patterns to identify similarities in Tactics, Techniques and Procedures (TTPs) of the malicious actors.

What will attendees learn?

  • How to investigate very old events based on a well-known incident
  • How to search for common patterns to indentity similarities in TTPs

Date Tuesday May 11th at 5 PM CET – Part III Registration