Packets or it didn't happen!
More About DNS over HTTPS Traffic Analysis
Profiling TLS Traffic to Identify DNS over HTTPS
When MacOS Catalina Comes to Life: The First Few Minutes of Network Traffic From MacOS 10.15.
The Weekly Zeek: DNS Cache Poisoning detection
The Weekly Zeek: Events, not packets
The Weekly Zeek: Death of &persistent
DNS over HTTPS
Zeek Correlations: Outbound Connections
You’re Doing That Wrongly
I Can Read Your Mind
Odd ICMP Echo Requests
Esoterica: tcpdump DNS Anomalies
Copyright © 2018-2020, the original authors, Enclave Forensics, Inc., & The SANS Institute