Digging for Gold: Examining DNS Logs on Windows Clients

Investigators can examine Domain Name Service (DNS) queries to find potentially compromised hosts by searching for queries that are unusual or that go to known malicious domains. Once the investigator identifies the compromised host, they must then locate the process that is generating the DNS queries. The...
Amanda Draeger
May 22, 2019
