If you spend enough time in the field, you slowly start to forget what’s common knowledge versus what you pick up in the trenches or the day-to-day. Information security is no exception to this rule, and yet it’s so easy to forget, even when creating a product for analysts. As you log in to the platform or use the API, it’s likely that you’ll now see a couple of tags you haven’t added.
18 Posts Tagged as research
If you are a heavy PassiveTotal web user, then surely you have noticed a big change in our application design since being acquired by RiskIQ. If this news is brand new, check out the post we did earlier this month before reading on!
Last week, we announced that PassiveTotal would be joining RiskIQ and debuted an updated version of the platform that brought access to new data sources and additional searching functionality. One feature we are most excited about is the expansion of our SSL certificate repository and the ability to pivot on any details inside of the certificate itself. To date, our certificate collection reaches back from present day to early 2013 and includes over 30 million
As highlighted in the ThreatConnect CameraShy report, greensky27.vicp.net played a critical role in uncovering potential threat actors associated with nation-state activity. Operating under the assumption that we know nothing about this domain, let’s see what we can find using PassiveTotal. When viewing the domain inside the platform, it’s clear there’s a lot of information to go through, so as an analyst, where do you start?
On the left-hand side
Thousands of times a day, domains are bought and/or transferred between individuals. The process to make all of this happen is easy and only takes a few minutes and roughly $7 depending on the registrar provider. Beyond payment details, you must provide additional information about yourself, some of which gets stored as part of a WHOIS record once the domain has been set up.
WHOIS is a protocol that lets anyone query for information about