20 Posts Tagged as analysis

Surfacing Infrastructure with Trackers

Imagine this -- you’re looking to harvest a batch of cloud-storage user credentials through a phishing campaign. Your email is perfect, your domains are registered, and all that is left is to make a copy of your target’s web page, modify the POST script and hit send. Within minutes, you are collecting credentials and your campaign is a success.

This process may sound complicated, but it’s not. Attackers can easily copy your

read more

Harnessing SSL Certificates Using Infrastructure Chaining

Infrastructure chaining leverages the relationships between highly connected datasets to build out an investigation. This process is the core of Threat Infrastructure Analysis and allows organizations to surface new connections, group similar attack activity and substantiate assumptions during incident response. In this post, we will focus on infrastructure chaining centered around SSL certificates and how this data set complements traditional sources for infrastructure analysis.

Analysts can use certificate hashes and facets to conduct investigations and discover

read more

Identify the "Who" and "Why" of Attacks with Intel 471

When dealing with a cyber intrusion, some of the first questions asked are “who” did this and “why” us. Though the questions posed are simple, they are extremely difficult to answer and require intimate knowledge of the cyber underground in order to begin constructing an intelligent response. PassiveTotal relies on data partners for such actor data and is excited to announce our latest integration with Intel 471.

Formed in 2014, Intel 471 was created in order

read more

SSL Certificates: Untapped Analyst Potential

Last week, we announced that PassiveTotal would be joining RiskIQ and debuted an updated version of the platform that brought access to new data sources and additional searching functionality. One feature we are most excited about is the expansion of our SSL certificate repository and the ability to pivot on any details inside of the certificate itself. To date, our certificate collection reaches back from present day to early 2013 and includes over 30 million

read more
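The two certificate posts above ("Harnessing SSL Certificates Using Infrastructure Chaining" and "SSL Certificates: Untapped Analyst Potential") both come down to the same move: from a host, to the certificates it served, to every other host sharing a hash or a facet of those certificates. The Python below is an added example, not PassiveTotal code, that performs that walk over a constructed passive-SSL dataset. Every hostname, fingerprint, serial and issuer string in it is invented, and the facet allowlist and the `max_shared` hub cutoff are design choices of this example rather than a documented platform feature. It also shows the caveat a practitioner hits immediately: pivoting on a facet shared by many certificates (a public CA's issuer name) drags unrelated infrastructure into the chain unless that facet is excluded or capped.

```python
"""Infrastructure chaining over passive-SSL observations (added example).

Nodes are hosts, certificate fingerprints and certificate facets
(subject CN, serial, issuer). Edges record which host served which
certificate and which facet values a certificate carries. Chaining is a
breadth-first walk from a seed host that records, for every host it
reaches, the sequence of pivots that led there.
"""
from collections import defaultdict, deque

# Constructed data: every fingerprint, name, serial and issuer below is
# invented for the example and is not drawn from any real collection.
CERTS = {
    "sha1:aaaa": {"subject_cn": "greensky27.vicp.net", "serial": "0x1001",
                  "issuer": "CN=greensky27.vicp.net"},
    "sha1:bbbb": {"subject_cn": "update.example-c2.net", "serial": "0x1002",
                  "issuer": "CN=update.example-c2.net"},
    # Same subject re-issued with a new serial: a different hash, so only
    # a facet pivot (subject_cn or issuer) connects it to sha1:bbbb.
    "sha1:cccc": {"subject_cn": "update.example-c2.net", "serial": "0x1003",
                  "issuer": "CN=update.example-c2.net"},
    "sha1:dddd": {"subject_cn": "www.example.com", "serial": "0x9001",
                  "issuer": "C=US, O=Let's Encrypt, CN=R3"},
    "sha1:eeee": {"subject_cn": "blog.example.org", "serial": "0x9002",
                  "issuer": "C=US, O=Let's Encrypt, CN=R3"},
    "sha1:ffff": {"subject_cn": "shop.example.net", "serial": "0x9003",
                  "issuer": "C=US, O=Let's Encrypt, CN=R3"},
}

# (host, fingerprint) pairs as a passive-SSL sensor would record them.
SERVED = [
    ("greensky27.vicp.net", "sha1:aaaa"),
    ("203.0.113.10", "sha1:aaaa"),
    ("203.0.113.10", "sha1:bbbb"),
    ("198.51.100.7", "sha1:cccc"),
    ("198.51.100.7", "sha1:dddd"),   # IP later reused by an unrelated site
    ("www.example.com", "sha1:dddd"),
    ("blog.example.org", "sha1:eeee"),
    ("shop.example.net", "sha1:ffff"),
]


def build_graph(served, certs, pivot_facets):
    """Undirected graph host <-> cert <-> facet, for the chosen facet keys."""
    graph = defaultdict(set)

    def link(a, b):
        graph[a].add(b)
        graph[b].add(a)

    for host, fp in served:
        link("host:" + host, "cert:" + fp)
    for fp, facets in certs.items():
        for key, value in facets.items():
            if key in pivot_facets:
                link("cert:" + fp, f"facet:{key}={value}")
    return graph


def chain(graph, seed_host, max_hops=12, max_shared=2):
    """BFS from seed_host; returns {host: path of nodes from the seed}.

    A facet node linked to more than max_shared certificates is treated as
    a hub (a public CA's issuer name, subject_cn=localhost): it is reached
    but never expanded, so one noisy facet cannot swallow the chain.
    """
    start = "host:" + seed_host
    if start not in graph:
        return {}
    paths = {start: [start]}
    queue = deque([start])
    found = {}
    while queue:
        node = queue.popleft()
        path = paths[node]
        if len(path) - 1 >= max_hops:
            continue
        if node.startswith("facet:") and len(graph[node]) > max_shared:
            continue  # hub facet: do not pivot through it
        for nxt in sorted(graph[node]):   # sorted for deterministic paths
            if nxt in paths:
                continue
            paths[nxt] = path + [nxt]
            queue.append(nxt)
            if nxt.startswith("host:"):
                found[nxt[len("host:"):]] = paths[nxt]
    return found


if __name__ == "__main__":
    strict = build_graph(SERVED, CERTS, {"subject_cn", "serial"})
    for host, path in chain(strict, "greensky27.vicp.net").items():
        print(host, "<-", " -> ".join(path))
    loose = build_graph(SERVED, CERTS, {"subject_cn", "serial", "issuer"})
    print("issuer pivot, hub cap 2:", sorted(chain(loose, "greensky27.vicp.net")))
    print("issuer pivot, no cap:  ", sorted(chain(loose, "greensky27.vicp.net", max_shared=10)))
```

With subject CN and serial as the only pivots, the chain from greensky27.vicp.net reaches 203.0.113.10 (shared hash), 198.51.100.7 (same subject CN on a re-issued certificate) and www.example.com (a host pivot through the reused IP, which is exactly the kind of finding an analyst should review rather than accept). Adding the issuer as a pivot changes nothing while the hub cap holds, but lifting the cap pulls in every Let's Encrypt-issued host in the dataset, which is why issuer and similarly shared facets are better used to group certificates than to chain infrastructure.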

Interpreting "greensky27" Inside PassiveTotal

As highlighted in the ThreatConnect CameraShy report, greensky27.vicp.net played a critical role in uncovering potential threat actors associated with nation-state activity. Operating under the assumption that we know nothing about this domain, let’s see what we can find using PassiveTotal. When viewing the domain inside the platform, it’s clear there’s a lot of information to go through, so as an analyst, where do you start?

On the left-hand side

read more