In the world of Phishing and malware attacks, hackers face many obstacles which they can only outsmart via sophisticated, often twisted methods. Furthermore, today’s large scale cyber campaigns require complex communication infrastructure with thousands of infected machines. DNS is a corner stone of the internet and as such is likely to contain unique footprints of such communication, seemingly concealed in the overall traffic. It is a great challenge to scrutinize and filter these anomalies - like a needle in a haystack. In this lecture we will discuss some of the challenges we tackled and how we solved them using big data and behavioral analysis tools.