7 Most Popular Blog Posts of Q2 2019

We have been staying very busy here the past three months at DomainTools! For starters, we released research conducted by the Ponemon Institute on Staffing the IT Security Function in the Age of Automation, we released enhancements to our integration with Splunk>Phantom and DomainTools Iris Investigate Platform, launched an integration with Anomali Threatstream, and were named the 9th best company to work for in 2019 by Seattle Business Magazine. With all that in mind, I hope you enjoy the top blogs of Q2 2019!

Using DomainTools Threat Profile to Identify Risky TLDs

In the beginning there were six top level domains (TLDs). Ok, technically seven, but for our purposes here in-addr.arpa doesn’t matter. Unless you were a government (.GOV), military (.MIL), or educational institution (.EDU), there were only three TLDs you could register domains in: .COM, .NET, and .ORG. Then ICANN added .BIZ and later allowed countries to create […]


At DEF CON last year, Michael Thompson had the opportunity to participate in a capture the flag (CTF) competition that focused on industrial control systems (ICS). For those who don’t know, DEF CON is one of the most widely attended security/hacker competitions in the world, hosted annually in Las Vegas. Security CTFs are competitions that involve using a wide variety of offensive and forensic security […]

Paul’s Security Weekly #598 on DomainTools Iris Investigate

Is this malicious? This question runs through the brains of SOC analysts across the world multiple times per day. When you are analyzing security events looking for the “bad” things, you often come across a domain that requires investigation. Domains are an integral part of a security investigation as a whole as they can appear in malware samples, malicious JavaScript […]

Moving Target Defense and DNS Fast Flux

Moving Target Defense has become a buzzword in cybersecurity circles because of its promise to function as a proactive solution for zero day vulnerabilities. A zero day is a vulnerability that is being actively exploited for some time before “day one” of the public’s knowledge of the vulnerability, which makes it impossible for security professionals to defend against it […]

The Threat Hunting Mixtape

A new industry buzzword in the infosecurity space is the concept of threat hunting. A now widely-accepted discipline (77% have a moderate or high degree of understanding about threat hunting) crafted to try and stay a step ahead of attacks by proactively detecting threats that might otherwise go unnoticed. This capability is picking up steam in organizations big and small, budgets seem to […]

Inside the Murky World of HMRC Phishing Campaigns

In a phishing email which claims to be from HMRC (Her Majesty’s Revenue and Customs), the non-governmental department responsible for collecting taxes. Last year, the Guardian reported that thousands of university students were targeted with fake tax fraud emails in order to steal banking and personal information. The tax authority received thousands of reports over […]

Cache 22

People say that once something’s on the internet, it’s there forever. And while that seems to be unfortunately true for Facebook posts and embarrassing photos, it isn’t always the case for information that may be useful for an investigation. In this blog post, I’ll discuss a couple of ways of finding information that has disappeared from the internet, as well as how to save something important to your investigation […]

We will continue to work hard for all of you in Q3. Additionally, we will be sure to keep you apprised of our progress, conferences and events, technical topics, industry news and much more. If there are any topics you would be interested in reading about on our blog or covering in our weekly podcast, Breaking Badness, please feel free to tweet us at @DomainTools or leave us a comment below.