Some interesting ideas in this thread;
Lets assume you have DNS logs. What is some stuff you like to look for when hunting through DNS logs?
— catte.jpg.vbs (@da_667) January 21, 2020
Personally, I like looking for dynamic DNS stuff because if it isn't malicious, a lot of the time its plan and out bizarre.
How bout you?