Renée Burton of Infoblox unveils the inner workings of Decoy Dog/Pupy, the RAT toolkit that uses the domain name server (DNS) to establish command and control over targets. Decoy Dog has been in use for more than a year, and appears to be largely confined to Eastern Europe. Burton gives advice for how organizations can best protect themselves. She also exhorts organizations to better monitor their DNS infrastructure and to implement a strong, protective DNS strategy.
About the Speaker: Dr. Renée Burton is the Head of Threat Intelligence at Infoblox, where she leads the company’s global team that specializes in the creation of original intelligence for Infoblox’s BloxOne Threat Defense platform. She and her team are responsible for helping protect customers from malware and other attacks before they can enter the network, by preventing DNS resolution of both suspicious and malicious indicators. With a combination of data science, AI algorithms, and a deep understanding of both DNS and the threat intelligence landscape, the Infoblox Threat Intelligence team provides 24/7 support, ensuring optimal network protection.
A DNS expert, Dr. Burton joined Infoblox in 2018 after having spent 22 years at the National Security Agency (NSA). Dr. Burton holds a PhD in mathematics and was elevated to the US Government Senior Executive Service in 2005. During her tenure at NSA, she was involved in a wide range of programs as an individual contributor, strategist, and leader of data science and computer science research programs. Dr. Burton is an avid believer in DNS as both an important control point within a network and a source to hunt threats that escape the perimeter devices.