11–12 Jun 2018
Orea Hotel Voronez
Europe/Prague timezone

Fighting malware during the DNS resolution

12 Jun 2018, 13:30
30m
Congress Hall (Orea Hotel Voronez)

Krizkovskeho 47 603 73 Brno Czech Republic
CSNOG1

Description

Most of the malware lifecycle can be observed, and even prevented, in DNS traffic. The DNS resolver is the ideal place to look for this behavior and eventually act against malicious requests. The presentation will focus on the different types of malware requests that can be seen and will discuss experience with fighting malware in a network of approximately one hundred thousand different households at the beginning of 2018. A summary of individual incidents and methods of detection will be presented, along with the downsides of such an approach (e.g. the application of external Indicators of Compromise).
The aim is to give the audience an idea of the number of threats seen in a standard home network and to share experience with challenges in DNS resolution filtering, such as false-positive mitigation. The main presentation structure will follow the malware lifecycle; it will present real-life examples and statistics and describe the approaches used to solve particular problems.
