Speeding Up Analysis

With the recent addition of RiskIQ internet scanning and web crawling data into the platform, I find myself leaning heavily on our enrichment data to guide my analysis. Digging into an investigation and sifting through mountains of data for clues as to who is behind an attack campaign and how large that campaign is can be exciting, but oftentimes we just want quick answers. We want to know if the domain we are investigating


Web Crawl to Infrastructure Blowout

In our last blog post, we broke apart the RiskIQ web crawlers and outlined all the content they collect when browsing the Internet. This was helpful in understanding the data, but it didn’t really provide a good example of how we use this content to link to actor infrastructure. For this post, we are going to focus in on a criminal-based threat that often targets social media services and see how we could leverage


What's in a Web Crawl?

Since releasing our host attribute dataset (pairs, components, trackers), we’ve gotten a lot of great feedback from our community. Users are reporting faster investigation times, more substantial connections and new research leads they wouldn’t have found otherwise. While these datasets are great, they are only a fraction of the data RiskIQ stores on a daily basis. What makes RiskIQ’s web crawling technology powerful is that it’s not just a simulation, it’


Hashes or it Didn't Happen

If you’ve been in the trenches of security research, you may be familiar with the phrase, “hashes or it didn’t happen”. It’s a testament to the importance of having malware when conducting an investigation and it’s something PassiveTotal has historically lacked inside the platform. Our focus has always been to provide the most comprehensive infrastructure solution while working with companies dedicated to processing malware to fill our gaps. Starting today,


Automated Infrastructure Alerts

As analysts, one of the biggest challenges in dealing with malicious actors is maintaining insight into their operations. It's nearly impossible to know when an actor may decide to change their infrastructure and even more difficult for us to keep tabs on every domain or IP address they control. But what if you could get alerted to those changes automatically? Starting today, PassiveTotal users can now monitor infrastructure of interest and receive alerts when we
