Episode 33: DNS and IP Intelligence Sources

DNS and IP addresses may seem simple at first glance, but they’re powerful resources for cyber defense—if you know how to use them. In this episode, we explore how analysts use DNS and IP intelligence to detect threats, validate indicators of compromise, and make informed decisions during an investigation. You’ll learn how WHOIS records, reverse lookups, and passive DNS data can help trace adversary infrastructure and identify suspicious domains.
We also dive into threat reputation services like AbuseIPDB, how they assign risk to domains and IPs, and how they can be integrated into alerting systems or SIEMs. By understanding how analysts assess domains and IPs in real time, you’ll gain a vital edge in threat hunting and incident triage—while also checking off a core CySA+ knowledge area with confidence. Brought to you by BareMetalCyber.com