DomainTools 101 (tag feed): https://www.domaintools.com/resources/tag/domaintools-101
Innovative, Practical Advice to Improve your Cybersecurity Posture

Carrying Arbitrary Data Payloads (Such as Images) In NMSG
https://www.domaintools.com/resources/blog/carrying-arbitrary-data-payloads-such-as-images-in-nmsg/
Thu, 02 Mar 2023 16:51:07 +0000, DomainTools Research
Introduction: If you work with SIE (the Security Information Exchange), you will have encountered NMSG-format files. NMSG is the format Farsight Security (now part of DomainTools) uses to distribute DNS cache-miss traffic and other cybersecurity data over SIE's jumbo-frame-enabled Ethernet switches. NMSG payloads normally contain small observations, and in fact, we're often able to […]
Using Iris Investigate Pivot Engine to Collect Bulk Screenshots
https://www.domaintools.com/resources/blog/using-iris-investigate-pivot-engine-to-collect-bulk-screenshots/
Thu, 10 Nov 2022 04:00:29 +0000, DomainTools Research
There are times when an analyst would like to examine and capture images of a website (or set of websites) that may be of interest. This may be a matter of generally understanding "what a site is all about," or there may be more specific goals such as confirming that a set of sites share […]
How to Not Give a Scam
https://www.domaintools.com/resources/blog/how-to-not-give-a-scam/
Thu, 18 Feb 2021 00:00:00 +0000, DomainTools Research
Learn about the tactics attackers use in extortion emails and how to build a picture around raw data as the DomainTools team leads an investigation into a sextortion scam.
Leveraging Risk Scoring for Threat Hunting: DomainTools Risk Score
https://www.domaintools.com/resources/blog/leveraging-risk-scoring-for-threat-hunting-domaintools-risk-score/
Thu, 12 Mar 2020 00:00:00 +0000, DomainTools Research
As organizations grow their security strategies to include proactive tactics such as threat hunting, they are leveraging several different tools to accomplish their…
Strengthen Your Investigations' Resolve with pDNS
https://www.domaintools.com/resources/blog/strengthen-your-investigations-resolve-with-pdns/
Thu, 05 Mar 2020 00:00:00 +0000, DomainTools Research
Learn how to use passive DNS to hunt through malicious domains to see the underlying infrastructure set up behind them, any DNS tunneling for C2 or data exfiltration happ
Unraveling A Telecom Billing Fraud Campaign Targeting UK Users
https://www.domaintools.com/resources/blog/unraveling-a-telecom-billing-fraud-campaign-targeting-uk-users/
Thu, 20 Feb 2020 00:00:00 +0000, DomainTools Research
The DomainTools Security Research Team regularly monitors our domain collection. One site that came through recently was quite nefarious and had yet to appear on any blocklist.
Spoofing Banks is a Balancing Act
https://www.domaintools.com/resources/blog/spoofing-banks-is-a-balancing-act/
Thu, 30 Jan 2020 00:00:00 +0000, DomainTools Research
Join Senior Security Advisor Corin Imai for an investigation into known bad domains. In this blog, learn how to map connected infrastructure to expand from one indica
Hunting for RATs (Remote Access Trojans)
https://www.domaintools.com/resources/blog/hunting-for-rats/
Tue, 14 Jan 2020 00:00:00 +0000, DomainTools Research
DomainTools and Askari Blue have teamed up to provide a playbook that encapsulates the workshop lesson "Hunting for RATs" and guides the reader through a series of toolse
DomainTools 101: Looking at Greenbug's DNS Tunneling in ISMDoor with DomainTools Iris Investigate
https://www.domaintools.com/resources/blog/domaintools-101-looking-at-greenbugs-dns-tunneling-in-ismdoor/
Thu, 12 Dec 2019 00:00:00 +0000, DomainTools Research
Thanks to the specific fingerprints of the ISMDoor malware, we can keep an eye on current activity and reference past activity through Iris by looking for AAAA records tha
Iris Investigations At-A-Glance: How to Pivot on Domain Data for Agile and Intelligent Threat Response
https://www.domaintools.com/resources/blog/iris-investigations-at-a-glance-how-to-pivot-on-domain-data/
Thu, 31 Oct 2019 00:00:00 +0000, DomainTools Research
Last year, Japanese authorities reported a sophisticated and aggressive phishing campaign using websites spoofing Sagawa Express Co., a major shipping and logistics compa