<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<h1 align="center"><strong style="font-weight: bold;">PLUG's </strong>Security
Meeting</h1>
<p align="center">Meets on the<span class="Apple-converted-space"> </span><b>3rd
Thursday of every month</b>, starting at 7pm.<br>
For more information see: <a moz-do-not-send="true"
href="https://phxlinux.org/index.php/meetings/20-plug-security.html">https://phxlinux.org/index.php/meetings/20-plug-security.html</a><br>
</p>
<hr align="center" width="100%" size="2">At this month's PLUG
Security meeting:<br>
<b>Donald McCarthy: passiveDNS For fun and Profit (part1)</b><br>
<br>
For more information:<br>
<a class="moz-txt-link-freetext" href="http://phxlinux.org/index.php/meetings/20-plug-security.html">http://phxlinux.org/index.php/meetings/20-plug-security.html</a><br>
<br>
<b>Description</b>:<br>
If you DNS infrastructure has a bad day, your network has a bad day.
If your DNS infrastructure has a good day, something else is bound
to go wrong. PassiveDNS generally wont help you fix either.<br>
<br>
PassiveDNS is a historical look at observed DNS queries over time.
It is akin to The Internet Archive's Way Back Machine, but for DNS
zones. Its utility as an operations and security tool is valuable
and not easily replaced by another type of data.<br>
<br>
In this presentation we will cover exactly what passiveDNS is and
isn't, passiveDNS architecture, some security use cases, and if time
allows some live demonstration.<br>
<br>
In part 2 of the presentation (another month) I will demonstrate
some passiveDNS tooling and more in depth practical knowledge to
turn theoretical use cases into automated assistance for a SOC or
NOC.<br>
<br>
<b>About Donald</b>:<br>
Donald "Mac" McCarthy is a 15 year veteran of the IT industry with
the last 8 years focused on InfoSec. He has worked on a variety of
different systems ranging from cash registers to super computers. It
was while serving as a systems administrator for a scientific
computing cluster that he discovered his passion for using linux for
highly distributed complex tasks. His current focus is using linux
with open source technologies like kafka and elastic search to build
tooling for security analysts and network operations. He is a proud
Veteran of the United States Army and recently relocated from
Atlanta to the East Valley.<b><br>
<br>
</b>
<hr width="100%" size="2"><br>
<table cellspacing="2" cellpadding="2" border="0" width="100%">
<tbody>
<tr>
<td valign="top"><b>Meeting Location</b>:<br>
Desert Breeze Substation<br>
251 North Desert Breeze Blvd West<br>
Chandler, AZ 85226<br>
<br>
The Desert Breeze Substation is on Chandler Blvd and Desert
Breeze Blvd, which is half way between McClintock and
Rural. It is very close<br>
to both the south 202 and 101 freeways. Public
transportation is<br>
available into the late hours.<br>
</td>
<td valign="top"><a
href="https://www.google.com/maps/place/251+Desert+Breeze+Blvd+W,+Chandler,+AZ+85226/@33.3076899,-111.9220921,17z/data=%214m5%213m4%211s0x872b06cdd50c43c7:0x7d3e9c66bdb7f8a2%218m2%213d33.3070191%214d-111.9193025?hl=en"
moz-do-not-send="true"><img alt="" title="Map to PLUG
meeting location"
src="cid:part2.EEBCB843.82571D19@snaptek.com" class=""
border="0" width="527" height="303"></a></td>
</tr>
</tbody>
</table>
<p>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</p>
<p>See <a
href="http://phxlinux.org/index.php/meetings/20-plug-security.html"
moz-do-not-send="true">the meeting information on our web site</a>
for more information.<br>
<br>
See you there,<br>
Brian Cluff<br>
<br>
</p>
</body>
</html>