DomainTools https://www.domaintools.com/resources/tag/use-cases Innovative, Practical Advice to Improve your Cybersecurity Posture en-US https://wordpress.org/?v=6.7.2

<![CDATA[ Automated Discovery of Chenlun Domains - Splunk Enterprise Security ]]> https://www.domaintools.com/resources/blog/automated-discovery-of-chenlun-domains-splunk-enterprise-security/ Thu, 30 Jan 2025 16:20:00 +0000 103 DomainTools Research https://www.domaintools.com/?p=31801 TL;DR This technical blog explores a next step in this investigation on Chenlun by automating Splunk searches to gather domains using DomainTools, and share them using Splunk’s trigger actions. By integrating DomainTools with Splunk, you can streamline the identification of malicious domains, stay ahead of attackers, and optimize your security resources. Using Passive DNS to […]

<![CDATA[ Five Ways to Give Bad Actors a Taste of Their Own Medicine ]]> https://www.domaintools.com/resources/blog/five-ways-to-give-bad-actors-a-taste-of-their-own-medicine/ Thu, 11 Apr 2024 16:00:00 +0000 54 DomainTools Research https://www.domaintools.com/?p=29669 Last month, I had the pleasure of traveling to Orlando to speak at the HIMSS Global Health Conference and Exhibition about Adversary Infrastructure Analysis. There, I and others on the DomainTools team were able to connect with professionals with several different backgrounds in healthcare and see firsthand how they perceived the future of the industry. […]

<![CDATA[ Enhancing dnsdbq Output With Geolocation Data ]]> https://www.domaintools.com/resources/blog/enhancing-dnsdbq-output-with-geolocation-data/ Thu, 28 Mar 2024 15:47:03 +0000 54 DomainTools Research https://www.domaintools.com/?p=29377 Introduction Farsight DNSDB allows users to query domain names and get back IP addresses. These DNS “A record” results link a domain name to one or more IP addresses for a time window. Often when doing an investigation, you may want additional contextual information about an IP Address, such as routing information via the IP’s […]

<![CDATA[ What Did We Learn from the 2023 Holiday Season? ]]> https://www.domaintools.com/resources/blog/what-did-we-learn-from-the-2023-holiday-season/ Thu, 07 Mar 2024 16:48:29 +0000 54 DomainTools Research https://www.domaintools.com/?p=28977 With Valentine’s Day now over and no collective shopping seasons on the horizon for a while, one might not give much thought to campaigns and threats impacting retail consumers. Yet spring is right around the corner and shopping is a year round activity. There is activity from the 2023 holidays that both consumers and retailers […]

<![CDATA[ Thwarting State-Sponsored Threats: Four Ways to Give Bad Actors More Bad Days ]]> https://www.domaintools.com/resources/blog/thwarting-state-sponsored-threats-four-ways-to-give-bad-actors-more-bad-days/ Thu, 15 Feb 2024 16:48:12 +0000 54 DomainTools Research https://www.domaintools.com/?p=28394 Security Operations Centers (SOCs) often deal with the aftermath of malicious attacks. This is especially true in the federal landscape, as security teams regularly find themselves defending extremely sensitive information from adversaries that have the backing of entire nations. As these adversaries continually refine their tactics, federal SOC teams face an opportunity to not only […]

<![CDATA[ Investigate All the Things - in Slack ]]> https://www.domaintools.com/resources/blog/investigate-all-the-things-in-slack/ Thu, 12 Oct 2023 15:42:38 +0000 54 DomainTools Research https://www.domaintools.com/?p=26345 DomainTools Recipes: Pivoting and Monitoring the Undead Earlier this year we introduced the concept of the DomainTools “Recipe Book,” a series of instructions for using DomainTools data in specific applications to meet various use cases. In each entry of this series, we’ll describe one or more objectives and share some tools and procedures needed to […]

<![CDATA[ Parallelizing Your Farsight DNSDB Queries ]]> https://www.domaintools.com/resources/blog/parallelizing-your-farsight-dnsdb-queries/ Tue, 26 Sep 2023 14:52:40 +0000 54 DomainTools Research https://www.domaintools.com/?p=26083 Ever wish you could get a bunch of Farsight DNSDB queries completed more quickly? Often you can! DNSDB API subscribers can run up to ten parallel streams of DNSDB queries, even though most users only run their queries sequentially. The easiest way to explain the difference between serial and parallel execution paradigms may be with […]

<![CDATA[ Introducing the DomainTools “Recipe Book” Project ]]> https://www.domaintools.com/resources/blog/introducing-the-domaintools-recipe-book-project/ Thu, 07 Sep 2023 15:43:46 +0000 54 DomainTools Research https://www.domaintools.com/?p=25942 Going back many years in the history of DomainTools, we have spent a lot of time learning about the various ways in which practitioners can put the data we provide into practical action in their environments. After all, while we might think that pivoting around adversary infrastructure is an interesting pastime in and of itself […]

<![CDATA[ Using Farsight DNSDB Flexible Search to Find Matching Rdata in TXT Records ]]> https://www.domaintools.com/resources/blog/using-dnsdb-flexible-search-to-find-matching-rdata-in-txt-records/ Thu, 17 Aug 2023 04:00:07 +0000 54 DomainTools Research https://www.domaintools.com/?p=25198 Introduction DNS TXT records are the “kitchen junk drawer” of DNS. They are often used to store miscellaneous data that isn’t a good fit for any of the other more narrowly-defined DNS record types, such as A, AAAA, CNAME, MX, NS, or other record types. There’s a lot that you can potentially uncover in TXT […]

<![CDATA[ Classic DNSDB API Version 1 vs the Newer DNSDB API Version 2 (DNSDB APIv2): What Are YOU Using? ]]> https://www.domaintools.com/resources/blog/classic-dnsdb-api-version-1-vs-the-newer-dnsdb-api-version-2-dnsdb-apiv2-what-are-you-using/ Thu, 31 Aug 2023 04:00:59 +0000 54 DomainTools Research https://www.domaintools.com/?p=25835 Introduction DNSDB is the gold standard collection of Passive DNS information. It is a historical database that provides a unique, fact-based, multifaceted view of the configuration of the global Internet DNS infrastructure as viewed from DNS queries. A primary way to access data from DNSDB is via our APIs. Many users of DNSDB Passive DNS […]
