Interpreting "greensky27" Inside PassiveTotal

As highlighted in the ThreatConnect CameraShy report, greensky27.vicp.net played a critical role in uncovering potential threat actors associated with nation-state activity. Operating under the assumption that we know nothing about this domain, let’s see what we can find using PassiveTotal. When viewing the domain inside the platform, it’s clear there’s a lot of information to go through, so, as an analyst, where do you start?

Rethinking Passive DNS Results

Why Heatmaps?

In the early days of PassiveTotal, we simply displayed passive DNS results inside of an HTML table. This was fine at first, but as time went on, we noticed that we were spending a lot of effort focusing on each date, mapping it to our research and trying to ensure the domain or IP we were analyzing actually fit within our timeline. We made mistakes, missed minor changes and completely failed to observe
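The problem described above, keeping each resolution's date window straight against a research timeline, is what a heatmap view of passive DNS solves. The following is an added example, not PassiveTotal's own code: it takes a handful of constructed passive DNS records (a placeholder domain and RFC 5737 documentation IPs, not real observations) and buckets each resolution into weekly cells, so that overlaps, gaps and re-used IPs are visible at a glance and can be queried directly. The function names and the record layout are assumptions for this example.

```python
from datetime import date, timedelta

# Constructed passive DNS records (not real data):
# (domain, resolved IP, first_seen, last_seen) as a resolver sensor would report them.
RECORDS = [
    ("example.invalid", "203.0.113.10", date(2015, 1, 5), date(2015, 2, 20)),
    ("example.invalid", "203.0.113.44", date(2015, 2, 18), date(2015, 4, 2)),
    ("example.invalid", "198.51.100.7", date(2015, 3, 25), date(2015, 5, 30)),
    ("example.invalid", "203.0.113.10", date(2015, 5, 1), date(2015, 5, 15)),  # IP re-used later
]


def build_timeline(records, start, end, bucket_days=7):
    """Return {ip: [count, ...]}: each cell counts the days inside that bucket
    (one week by default) on which the IP was seen resolving the domain."""
    n_buckets = (end - start).days // bucket_days + 1
    timeline = {}
    for _domain, ip, first, last in records:
        row = timeline.setdefault(ip, [0] * n_buckets)
        # Clip the resolution window to the requested analysis range.
        day = max(first, start)
        stop = min(last, end)
        while day <= stop:
            row[(day - start).days // bucket_days] += 1
            day += timedelta(days=1)
    return timeline


def active_on(records, when):
    """IPs the domain resolved to on a given date (the 'does it fit my timeline?' check)."""
    return sorted({ip for _d, ip, first, last in records if first <= when <= last})


def days_seen(records, ip):
    """Set of calendar days on which the IP was observed, across all of its windows."""
    seen = set()
    for _d, rip, first, last in records:
        if rip == ip:
            seen.update(first + timedelta(days=i) for i in range((last - first).days + 1))
    return seen


def overlap_days(records, ip_a, ip_b):
    """Number of days on which both IPs were resolving at the same time."""
    return len(days_seen(records, ip_a) & days_seen(records, ip_b))


def render(timeline, start, bucket_days=7):
    """Text heatmap: one row per IP, one character per bucket, darker = more days seen."""
    shades = " .:-=+*#"  # index = days seen in the bucket, capped at 7
    n_buckets = len(next(iter(timeline.values())))
    header = "".join("|" if i % 4 == 0 else " " for i in range(n_buckets))
    lines = [f"{'IP':<16} {header}  (start {start.isoformat()}, {bucket_days}-day cells)"]
    for ip, row in sorted(timeline.items()):
        cells = "".join(shades[min(count, len(shades) - 1)] for count in row)
        lines.append(f"{ip:<16} {cells}")
    return "\n".join(lines)


if __name__ == "__main__":
    start, end = date(2015, 1, 1), date(2015, 6, 30)
    tl = build_timeline(RECORDS, start, end)
    print(render(tl, start))
    print("active on 2015-02-19:", active_on(RECORDS, date(2015, 2, 19)))
    print("overlap 203.0.113.44 / 198.51.100.7:", overlap_days(RECORDS, "203.0.113.44", "198.51.100.7"), "days")
```

Reading the rendered rows left to right shows what the HTML table hid: the hand-off periods where two IPs resolve simultaneously, the quiet stretch before an IP comes back into use, and whether a date from the investigation actually falls inside a resolution window rather than near it.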

