Tech Field Day


Infoblox Threat Intelligence (ITI) with Dave Mitchell

September 30, 2025



Security Field Day 14


This video is part of the appearance, “Infoblox Presents at Security Field Day 14”. It was recorded as part of Security Field Day 14 at 13:30-15:30 on September 24, 2025.



Dave Mitchell will introduce the Infoblox Threat Intelligence (ITI) team, highlighting its specialized focus and unique capabilities in DNS-based security. He’ll explore the evolving threat landscape, sharing insights into emerging attack vectors and adversary tactics. The session will demonstrate how Infoblox’s deep expertise in DNS enables superior threat detection and protection. Attendees will gain a clear understanding of what sets Infoblox apart in the cybersecurity ecosystem.

As a “recovering operator,” Mitchell explained that his team’s sole focus is DNS, a namespace so vast that it offers attackers near-infinite room to operate. He emphasized that Infoblox’s intelligence is entirely original and not repackaged from other sources. Their process involves a reputation system where algorithms analyze newly registered domains, clustering suspicious ones based on shared attributes like registration patterns and name server behavior. Human researchers then investigate these clusters to identify, name, and track threat actors, building robust signatures that can follow adversaries even as they adapt their tactics. This proactive approach results in a “low regret” security posture, blocking domains that users have no legitimate reason to visit.

This DNS-centric intelligence allows Infoblox to provide “protection before impact.” Mitchell shared that over a recent 90-day period, their threat intelligence already contained 75% of malicious domains before a single customer query was ever made to those domains. This is possible because the team observes threat actor infrastructure as it’s being built. A significant portion of the presentation focused on the growing threat of malicious advertising technology (“malvertising”). He detailed how threat actors operate sophisticated Traffic Distribution Systems (TDS) that function like legitimate ad-tech platforms but serve malicious content. These systems use cloaking techniques to profile visitors, redirecting them to scams, info-stealers, or fake software updates only if they match specific criteria, while sending researchers or bots to harmless decoy sites like Google or Alibaba.

Mitchell provided a deep dive into the malvertising ecosystem, illustrating how criminal affiliate networks push everything from cryptocurrency and dating scams to dangerous malware like the SocGholish info-stealer. He highlighted a major threat actor his team has been tracking called VexTrio (also known as “Los Pollos”), a sophisticated cartel that runs a massive TDS operation. Beyond malvertising, he also touched on the persistent problem of lookalike domains, which are impossible for brands to proactively register across all 1,300+ top-level domains. He also described an advanced command-and-control technique where compromised websites use DNS text records to covertly fetch and decode malicious redirect URLs. These examples underscore the complexity of modern threats and the critical role of specialized, protective DNS in disrupting the attack chain.
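A defender-side check for the DNS text record technique described above, as an added example that is not from the presentation or from Infoblox's tooling: it scans resolver logs for TXT answers that decode to a URL. The log format, the sample lines and the use of base64 are assumptions; the page does not name the encoding.

```python
import base64
import binascii
import re

def _b64(s):
    return base64.b64encode(s.encode()).decode()

# Constructed resolver log (assumed format: time client qname qtype "rdata").
SAMPLE_LOG = "\n".join([
    '2025-09-24T13:31:02Z 10.0.0.5 example.com TXT "v=spf1 include:_spf.example.net ~all"',
    f'2025-09-24T13:31:07Z 10.0.0.9 cfg.redirector.example TXT "{_b64("https://landing.example/go?id=42")}"',
    '2025-09-24T13:31:09Z 10.0.0.9 www.example.org A "192.0.2.10"',
    f'2025-09-24T13:31:15Z 10.0.0.7 verify.example.com TXT "{_b64("site-verification-token")}"',
    '2025-09-24T13:31:20Z 10.0.0.7 _dmarc.example.com TXT "v=DMARC1; p=reject"',
])

LINE_RE = re.compile(r'^(\S+) (\S+) (\S+) (\S+) "(.*)"$')
B64_RE = re.compile(r'^[A-Za-z0-9+/]{16,}={0,2}$')   # whole record is one base64 token
URL_RE = re.compile(r'^https?://[^\s/]+\S*$')

def decode_if_url(rdata):
    """Return the decoded URL if rdata is base64 (assumed encoding) hiding an http(s) URL."""
    if not B64_RE.match(rdata) or len(rdata) % 4:
        return None          # SPF, DMARC, DKIM and similar records stop here
    try:
        text = base64.b64decode(rdata, validate=True).decode("ascii")
    except (binascii.Error, UnicodeDecodeError):
        return None          # not valid base64, or decodes to binary data
    return text if URL_RE.match(text) else None

def find_encoded_redirects(log_text):
    """Report TXT answers whose payload decodes to a URL, with the querying client."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group(4) != "TXT":
            continue
        ts, client, qname, _, rdata = m.groups()
        url = decode_if_url(rdata)
        if url:
            findings.append({"time": ts, "client": client, "qname": qname, "url": url})
    return findings

if __name__ == "__main__":
    for hit in find_encoded_redirects(SAMPLE_LOG):
        print(hit)
```

A hit whose client is a web server is the case worth triaging first, since the page describes the lookup as coming from the compromised website itself.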

Personnel: Dave Mitchell
