Hello and welcome to the Thursday, February 16th, 2020, edition of the Sandsenet Storm Center's Stormcast.

My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

Diary by Rob today about, well, sort of passive DNS recon platforms.

These platforms typically collect DNS queries at various choke points and then are summarizing

them.

So you can, for example, query, and that's the example that Rob used all the host names

or all the DNS queries that were looked up for a particular

domain like Sans.edu.

Rob is using Cisco umbrella here to show how this type of passive DNS information works and

how to script against it.

Ambrella, of course, going with open DNS has plenty of data to mine here.

They also make historic data available, so not just currently valid DNS records.

For any kind of sort of scoping, reconnaissance for a pen test or such, this is certainly very

valuable information. Also, find it valuable to, for example, look at, like, look-alike or

imposter domains, but also to look, for example, at additional subdomains that you may find in a particular domain that,

for example, has been compromised and where hackers have started to add malicious records

to a particular domain. In addition to Cisco umbrella, there is, for example, also domain tools

with its acquisition of Foresight,

which also runs a large database of passive DNS information.

And GitHub updated its copilot, artificial intelligent coding assistance.

The way a co-pilot works is that it sort of provides suggestion as your artificial intelligent coding assistance.

The way a copilot works is that it sort of provides suggestion as you're typing.

...