Daniel Ruef
CERT
Publications by Daniel Ruef
-
Experiences with Deploying Mothra in Amazon Web Services (AWS)
April 26, 2022 • Technical Report
Brad Powell, Daniel Ruef, John Stogoski
The authors describe development of an at-scale prototype of an on-premises system to test the performance of Mothra in the cloud and provide recommendations for similar deployments.
read -
Defending Your Computer Network from DNS Hijacking
April 15, 2019 • Video
Eliezer Kanal, Daniel Ruef
This SEI Cyber Talk episode provides an overview of how DNS and network traffic work and how adversaries use DNS hijacking to steal sensitive information.
watch -
Open-source Measurement of Fast-flux Networks While Considering Domain-name Parking
December 19, 2017 • Conference Paper
Leigh B. Metcalf, Daniel Ruef, Jonathan Spring
In this paper, domain parking is the practice of assigning a nonsense location to an unused fully-qualified domain name (FQDN) to keep it ready for “live” use.
read -
Detecting Traffic to Recently Unparked Domains with Analysis Pipeline
January 11, 2016 • Presentation
Daniel Ruef
In this presentation, the authors discuss using Analysis Pipeline to detect (1) changes in the control plane and (2) data going to recently unparked IP addresses.
read -
Indicator Expansion with Analysis Pipeline
January 12, 2015 • Presentation
Daniel Ruef
In this presentation, given at FloCon 2015, Dan Ruef discusses indicator expansion.
read -
Incorporating Dynamic List Structures into YAF
January 10, 2011 • Presentation
Dan Ruef, Emily Sarneso
In this presentation, the authors discuss IPFIX limitations and extensions, list structure, and mediators in YAF.
read -
Analysis Pipeline
January 10, 2011 • Presentation
Dan Ruef
In this presentation, Dan Ruef discusses moving analysis from retroactive to real time, pipeline capabilities, and streaming analysis coding issues.
read