Detecting DNS Fast Fluxing Domains
Fast Flux is a technique that hides and conceals the real identity of the attacker by circulating through different and ever changing number of IP addresses.
In this video walkthrough, we used Snort and Sguil installed in Security Onion to lay down a practical example on detecting DNS fast fluxing domains.
This video was part of the Cisco CyberOps Certificate.
How to detect Malwares in your Network with Snort
How to detect Advanced persistent Threat
You will learn how to investigate the presence of an APT in your network using security onion and by correlating events and alerts through different frameworks. Network intrusion analysis and security operations.