We’ve previously reported on the Internet’s use of IPv4 address space as seen in count data from Farsight DNSDB. As part of that work, we mapped the Internet’s IPv4 address space for a 90 day period, visualizing that data using space filling Hilbert Curve “heatmaps” plus a series of violin plots. This is the IPv6 “companion volume” to that IPv4 report, delivering similar insights for IPv6 counts and unique RRsets over a 90 day period.

We believe this is a unique snapshot of domain-related IPv6 deployment on the public Internet as seen in passive DNS data.

The post IPv6 Deployment on the Internet appeared first on DomainTools | Start Here. Know Now..

At the 2023 DEF CON, the Recon Village ran the “ReconAacharya Subdomain Enumeration Challenge.” Subdomain enumeration is a terrific subject for a cybersecurity competition, since it is often a key first step in attack surface assessment. This report is a post-hoc discussion of the DomainTools-affiliated team’s submission to that challenge. In addition to describing our solution, we also describe an alternative approach that can yield two orders of magnitude more results than our team’s winning submission at DEF CON 2023.

The post The DEF CON Recon Village Subdomain Enumeration Challenge: A Retrospective appeared first on DomainTools | Start Here. Know Now..

Welcome to this Best Practices Guide from DomainTools. This reference offers insights into the cyber threats facing the tech sector, what the landscape looks like for defenders, and how security teams are making effective use of adversary infrastructure analysis to gain an edge.

This Guide consists of four sections:

• The current threat landscape
• Successes and limitations of common defensive strategies
• The value of DNS and DNS-adjacent data in adversary analysis, and why DomainTools is a leader in this space
• How security teams are solving important security problems with DomainTools

The post Best Practice Guide Technology appeared first on DomainTools | Start Here. Know Now..

Case studies offer a helpful framework for how certain tools and techniques unlock insights that would be difficult or impossible to achieve otherwise. Often, these same case studies also provide useful context concerning the broader underground economy. 

Using the case study of the Manipulaters, a prolific Pakistan-based cybercrime merchant that enabled countless phishing campaigns over nearly a decade of activity, this piece explores the role of historical Whois and DNS data in mapping a domain-focused threat actor’s footprint. Importantly, understanding the historical context of this group’s most active period not only offers important context, but it also provides insights into what appears to be a resurgence of activity after a period of dormancy.

In this Security Bulletin, readers will better understand: 

• The context and broader market forces that allowed the Manipulaters to flourish 
• The groups’ ascent from phishing kit vendor to domain reseller 
• How DomainTools Iris Investigate and historical Whois records revealed several thousand domains associated with the Manipulaters over the last decade

The post A Look Back on "The Manipulaters" appeared first on DomainTools | Start Here. Know Now..

As one of the highest-profile targets for cybercrime, intellectual property theft, extortion, fraud, and espionage, the healthcare sector is especially at risk to threats such as Business Email Compromise (BEC), ransomware, and others. This can have far reaching consequences that can range from reputational damage to the endangerment of lives. 

In this Best Practices Guide, we offer insights into the cyber threats facing the Healthcare sector, what the landscape looks like for defenders, and how security teams are making effective use of adversary infrastructure analysis to gain an edge.

In this guide, readers will learn about: 

• The current threat landscape
• Successes and limitations of common defensive strategies
• The value of DNS and DNS-adjacent data in securing healthcare environments, including Internet of Things (IoT) and Internet of Medical Things (IoMT) devices
• How security teams in healthcare are solving important security problems with DomainTools

The post Best Practices Guide Healthcare appeared first on DomainTools | Start Here. Know Now..

It’s understood that the threat landscape is growing and evolving, though certain trends may be quickening relative to earlier times. With adoption of large language models (LLMs) like ChatGPT, more convincing phishing lures, Business Email Compromise (BEC), and more, there are many opportunities for bad actors to craft new ways to bypass detection. The retail sector is in no way immune to these threats; they manifest year-round but seem to bloom during each year’s busy holiday shopping season.

In this Best Practices Guide, we offer insights into the cyber threats facing the retail sector, what the landscape looks like for defenders, and how security teams are making
effective use of adversary infrastructure analysis to gain an edge.

In this guide, readers will learn about:

• The current threat landscape
• Successes and limitations of common defensive strategies
• The value of DNS and DNS-adjacent data in compliance with complex regulations and in adversary analysis, and why DomainTools is a leader in this space
• How security teams are solving important security problems with DomainTools

The post Best Practice Guide Retail appeared first on DomainTools | Start Here. Know Now..

It’s understood that the threat landscape is growing and evolving, though certain trends may be quickening relative to earlier times. With adoption of large language models (LLMs) like ChatGPT, more convincing phishing lures, Business Email Compromise (BEC), and more, there are many opportunities for bad actors to craft new ways to bypass detection. As one of the highest-profile targets for cybercrime, intellectual property theft, extortion, fraud, and espionage, the financial sector is especially at risk to these threats.

In this Best Practices Guide, we offer insights into the cyber threats facing the financial sector, what the landscape looks like for defenders, and how security teams are making effective use of adversary infrastructure analysis to gain an edge.

In this guide, readers will learn about:

• The current threat landscape
• Successes and limitations of common defensive strategies
• The value of DNS and DNS-adjacent data in compliance with complex regulations and in adversary analysis, and why DomainTools is a leader in this space
• How financial-sector security teams are solving important security problems with DomainTools

The post Best Practice Guide Financial Services appeared first on DomainTools | Start Here. Know Now..

Self-managed VPS (Virtual Private Servers) can make new systems inexpensive for technically skilled individuals to deploy, either for hosting a personal domain, to create a remote distributed node, or for working with DNSDB API or the Security Information Exchange (SIE) data, or other purposes. 

While you can get a Un*x VPS easily and inexpensively today, there are still a number of details necessary to bring up a functional and secure system. This report is meant to help users bring up a secure-yet-still-usable system. 

In this report, we will discuss: 

• Basic authoritative DNS records that should be created in one’s DNS provider’s control panel
• Bringing up sshd for encrypted remote access with public key authentication and Yubikey MFA support
• Getting automatic patching set up
• And much more

The post Building a Secure VPS Server Under Debian 11 appeared first on DomainTools | Start Here. Know Now..

It’s understood that the threat landscape is growing and evolving, though certain trends may be quickening relative to earlier times. With adoption of large language models (LLMs) like ChatGPT, more convincing phishing lures, Business Email Compromise (BEC), and more, there are many opportunities for bad actors to craft new ways to bypass detection. While many sectors are appealing to cybercriminals, the Government sector can be particularly appealing. 

In this Best Practices Guide, we offer insights into the cyber threats facing the Government sector, what the landscape looks like for defenders, and how security teams are making effective use of adversary infrastructure analysis to gain an edge.

In this guide, readers will learn about: 

• The current threat landscape
• Successes and limitations of common defensive strategies
• The value of DNS and DNS-adjacent data in Zero Trust initiatives and in adversary analysis, and why DomainTools is a leader in this space
• How government-sector security teams are solving important security problems with DomainTools

The post Best Practices Guide Federal Government appeared first on DomainTools | Start Here. Know Now..

Just like security teams, security products and services looking to better protect organizations require the best domain intelligence possible. For more than 20 years, DomainTools has been building its domain and DNS infrastructure database, which now covers 97% of the Internet. OEMs that partner with DomainTools see faster time-to-market, increased revenue streams, and improved product quality. 

DomainTools Intelligence Feeds, Monitors, APIs, and Farsight DNSDB query capabilities can be licensed and integrated into products and services offered by OEM partners far quicker and more cost effectively than if they tried to build the functionality themselves, resulting in a higher quality product and better protected customers. 

Download this eBook to learn how: 

• DomainTools lets OEMs maximize offerings and grow market share
• Earlier threat detection and enhanced coverage reduces OEM risk 
• An integration with DomainTools can improve OEM product quality and customer satisfaction

See how DomainTools can quickly advance and differentiate cyber product and service companies’ solutions.

The post Best Practices: How to Leverage Domain and DNS Intelligence for OEMs appeared first on DomainTools | Start Here. Know Now..