Something's Phishy: See the Hook Before the Bait
Malachi Walker
BSidesSF 2025 — Here Be Dragons · Day 1 · Main
DNS forensics is one of the most underutilized tools in threat hunting and incident response. Malachi Walker from DomainTools argues that by treating domains as characterizers, connectors, and identifiers — and by leaning on passive DNS — security teams can identify malicious infrastructure before the phishing lure ever lands in a victim's inbox.
AI review
A competent DNS threat intelligence talk that covers the fundamentals well and includes concrete examples of pre-victim infrastructure discovery. Walker's three-role domain framing — characterizer, connector, identifier — is a useful mental model. The DomainTools vendor affiliation means the tooling recommendations should be weighted accordingly, but the underlying methodology is sound.