18 Posts Tagged as research

OSINT-Colored Glasses

If you spend enough time in the field, you slowly start to forget what’s common knowledge versus what you pick up in the trenches or the day-to-day. Information security is no exception to this rule, and yet it’s so easy to forget, even when creating a product for analysts. As you log in to the platform or use the API, it’s likely that you’ll now see a couple of tags you haven’t added.


SSL Certificates: Untapped Analyst Potential

Last week, we announced that PassiveTotal would be joining RiskIQ and debuted an updated version of the platform that brought access to new data sources and additional searching functionality. One feature we are most excited about is the expansion of our SSL certificate repository and the ability to pivot on any details inside of the certificate itself. To date, our certificate collection reaches back from present day to early 2013 and includes over 30 million


Interpreting "greensky27" Inside PassiveTotal

As highlighted in the ThreatConnect CameraShy report, greensky27.vicp.net played a critical role in uncovering potential threat actors associated with nation-state activity. Operating under the assumption that we know nothing about this domain, let’s see what we can find using PassiveTotal. When viewing the domain inside the platform, it’s clear there’s a lot of information to go through, so as an analyst, where do you start?

On the left-hand side


Know Your Foe: Who's Behind the WHOIS

Thousands of times a day, domains are bought and/or transferred between individuals. The process to make all of this happen is easy and only takes a few minutes and roughly $7 depending on the registrar provider. Beyond payment details, you must provide additional information about yourself, some of which gets stored as part of a WHOIS record once the domain has been set up.

WHOIS is a protocol that lets anyone query for information about
