If you are a heavy PassiveTotal web user, then surely you have noticed a big change in our application design since being acquired by RiskIQ. If this news is brand new, check out the post we did earlier this month before reading on!
3 Posts Tagged as heatmaps
As highlighted in the ThreatConnect CameraShy report, greensky27.vicp.net played a critical role in uncovering potential threat actors associated with nation-state activity. Operating under the assumption that we know nothing about this domain, let’s see what we can find using PassiveTotal. When viewing the domain inside the platform, it’s clear there’s a lot of information to go through, so, as an analyst, where do you start?
On the left-hand side
In the early days of PassiveTotal, we simply displayed passive DNS results inside of an HTML table. This was fine at first, but as time went on, we noticed that we were spending a lot of effort focusing on each date, mapping it to our research and trying to ensure the domain or IP we were analyzing actually fit within our timeline. We made mistakes, missed minor changes and completely failed to observe