{ "version": "1.2.0", "chapters": [ { "title": "Intro - Threat Hunting Malware Communication over DNS", "startTime": 0, "endTime": 53.26 }, { "title": "Introducing Faan", "startTime": 53.26, "endTime": 148.26 }, { "title": "Threat Hunting C2 Over DNS", "startTime": 148.26, "endTime": 240.26 }, { "title": "Threat Hunting - What is it and why is it awesome?", "startTime": 240.26, "endTime": 342.26 }, { "title": "Assumed Compromise", "startTime": 342.26, "endTime": 415.26 }, { "title": "David J. Bianco – Pyramid of Pain Guy", "startTime": 415.26, "endTime": 808.26 }, { "title": "C2 Over DNS", "startTime": 808.26, "endTime": 1683.26 }, { "title": "TXT Record Abuse", "startTime": 1683.26, "endTime": 1966.26 }, { "title": "Null Record", "startTime": 1966.26, "endTime": 2107.26 }, { "title": "CNAME, MX, SRV… Oh my", "startTime": 2107.26, "endTime": 2306.26 }, { "title": "DNS Sandwhich", "startTime": 2306.26, "endTime": 2568.26 }, { "title": "ID Field Missuse", "startTime": 2568.26, "endTime": 2938.26 }, { "title": "EDNS0", "startTime": 2938.26, "endTime": 3153.26 }, { "title": "Encrypted DNS", "startTime": 3153.26, "endTime": 3315.26 }, { "title": "Main Takeaway", "startTime": 3315.26, "endTime": 3374.26 }, { "title": "The Workshop: Build a Reflective Shellcode Loader C2 in Golang", "startTime": 3374.26, "endTime": 3471.26 }, { "title": "Q&A Start", "startTime": 3471.26, "endTime": 3615.26 }, { "title": "DNS and Splunk?", "startTime": 3615.26, "endTime": 3708.26 }, { "title": "Suggestions for Detecting DGA?", "startTime": 3708.26, "endTime": 3805.26 }, { "title": "Offensive Security Tooling from a Threat Hunter Perspective", "startTime": 3805.26, "endTime": 4047.26 }, { "title": "Restrict outbound DNS to protect against C2?", "startTime": 4047.26, "endTime": 4146.26 }, { "title": "Communicating the value of Threat Hunting to Higher Ups.", "startTime": 4146.26, "endTime": 4429.26 }, { "title": "Closing Remarks", "startTime": 4429.26, "endTime": 5179.26 } ] }