Daily Archives: March 11, 2017

TTLs and where to find them

Recently I have been conducted a lot of interviews for SOC Analysts; one of the questions I ask is as follows: You are reviewing your DNS logs and find an answer to a DNS query which shows rabbitcoldhotel.evil.com on <AnyExternalIP> … Continue reading

Posted in Network Analytics, Network Forensics, Uncategorized | Tagged , , , , | 2 Comments