42 Articles

Brandon Dixon


Living in San Francisco, CA

Brandon is the lead developer and co-founder of PassiveTotal. His research involves data analysis, tool development and devising strategies to counter threats earlier in the decision cycle. |

Web Crawl to Infrastructure Blowout

In our last blog post, we broke apart the RiskIQ web crawlers and outlined all the content they collect when browsing the Internet. This was helpful in understanding the data, but it didn’t really provide a good example of how we use this content to link to actor infrastructure. For this post, we are going to focus in on a criminal-based threat that often targets social media services and see how we could leverage

read more

What's in a Web Crawl?

Since releasing our host attribute dataset (pairs, components, trackers), we’ve gotten a lot of great feedback from our community. Users are reporting faster investigation times, more substantial connections and new research leads they wouldn’t have found otherwise. While these datasets are great, they are only a fraction of the data RiskIQ stores on a daily basis. What makes RiskIQ’s web crawling technology powerful is that it’s not just a simulation, it’

read more

Hashes or it Didn't Happen

If you’ve been in the trenches of security research, you may be familiar with the phrase, “hashes or it didn’t happen”. It’s a testament to the importance of having malware when conducting an investigation and it’s something PassiveTotal has historically lacked inside the platform. Our focus has always been to provide the most comprehensive infrastructure solution while working with companies dedicated to the processing malware to fill our gaps. Starting today,

read more

Derived Host Pairs from Web Crawling

Did you realize that in loading this blog post, your web browser made over 50 network requests for resources in order to construct it? The modern web is a complex graph of dependent requests made up of images, code libraries, page content and other references. Every day, RiskIQ’s crawling technology makes nearly 2 billion HTTP requests online and saves the contents of the session inside of a database. Using years of this data, engineers

read more

Bring PassiveTotal Directly to Splunk

Users have asked, and now it's here.

With the all-new PassiveTotal App for Splunk, organizations can now bring context to external threats, analyze attack data, and correlate that information with their internal event data to pinpoint and remediate threats—all in one place.

How does it work?

PassiveTotal App for Splunk from RiskIQ on Vimeo.

To automate security investigations into suspicious domains or IP addresses, the PassiveTotal App for Splunk searches the large and diverse

read more