
7 Most Popular Blogs of Q2 2023

Introduction

2023 is flying by! DomainTools has been keeping busy with live presentations, events and conferences, and our podcast – Breaking Badness. We hope you had a chance to catch our podcast mini series – Stronger Together, featuring researchers, intelligence analysts, security advocates, VPs, and C-suites in the industry coming together for this year’s RSA conference. We’ll be at Black Hat in Vegas in a few short weeks and it’s our goal to talk to more individuals there – stop by our booth to chat if you’d like to be on the show!

We shared several reports in Q2, one being the highly anticipated DomainTools Spring Report, which examines concentrations of malicious activity across the same six categories we first tracked in the Fall 2021 edition. By identifying “hotspots” of activity, investigators and researchers gain forensic data points that help them make sense of Internet infrastructure.

The second report we shared was The Economic Benefits of DomainTools Internet Intelligence, a study completed by the Enterprise Strategy Group, which interviewed a number of DomainTools clients to show how DomainTools data can help teams identify more malicious domains per month, respond faster, proactively avoid more incidents, and more, all while increasing return on investment.

And now on to blog content! If you’re new to this series, the purpose is to share what others have found helpful, interesting, or fun in our blog from the previous quarter. For those who haven’t had the chance to keep up with our regular weekly posts, this is a great time for a high-level view of what your colleagues in the industry have enjoyed from DomainTools.

The Winners Are In

Going From An IP Address to a Fully Qualified Domain Name in DNSDB

The people have spoken and the top blog post from Q2 is authored by none other than Joe St Sauver. This blog post is a follow-up to a previous article – Going From A Domain Name to IP Address in DNSDB: Some “Pro Tips” To Keep in Mind. In Joe’s words, this article goes in “the other direction,” using DNSDB to make the jump from an IP address to a fully qualified domain name (FQDN). He starts with a simple example, then moves on to the case where an IP address isn’t associated with ANY domain name, the shared hosting case (one address serving many names), wildcards, and more.

The Most Prolific Ransomware Families: 2023 Edition 

In 2021, we compiled a defender’s guide to the most prolific ransomware families. It remained such a popular blog post that we felt it deserved a refresh, as there have been significant changes to the ransomware landscape since then. We look at the external forces driving those changes, shifts in victimology, the evolution of the ransomware-as-a-service model, and more.

Vegas or Bust: A First Timer’s Review of Black Hat and DEFCON

Last year was Ian Campbell’s first experience attending Black Hat and DEFCON, which he followed up with a blog to share with others. And not only had Ian not been to Black Hat, but he hadn’t been to Las Vegas period. Ian shares interesting talks he attended at Black Hat on election disinformation, harm reduction, burnout, and more. He pivots to discussing DEFCON and his romps in the Misinformation Village and the Blue Team Village. DomainTools will be at Black Hat this year and if you’re also a first timer, we hope Ian’s post gives you an idea of what to expect. 

Introduction to IPFS

We’ve got another piece from Joe St Sauver making the list! The InterPlanetary File System (IPFS) has been attracting attention recently (both good and bad), and Joe includes examples of both in his article if you’re interested. He delves into what IPFS is and details why bad actors would be interested in it. I’ll say it here because he says it in the intro, so it’s not a giveaway: “content, including phishing sites or malware, hosted on IPFS addresses will normally be ‘takedown resistant.’” Joe then goes into how to access IPFS objects, the role of “pinning” services, IPFS gateway node objects in Farsight DNSDB, and more.

A Brief Comparison of Reverse Image Searching Platforms

This is another oldie but goodie that made it into this past quarter’s top blogs. As the title suggests, it compares the reverse image search capabilities of some major image search engines, including Google, Yandex, Bing, and TinEye. It’s helpful because in security research, images are sometimes overlooked in favor of indicators of compromise (IOCs), reports, malware binaries, and more. However, by searching on images, you can learn a lot about the subject of your investigation. As a note, this article doesn’t get into the weeds of the more complex aspects of image analysis, but instead focuses on what to expect when uploading images for reverse search.

Valuable Datasets to Analyze Network Infrastructure Part 1

This is another blog post we’ve recently updated! It’s written by Kelsey LaBelle and its goal is to showcase datasets that experienced incident response (IR) teams have found valuable when analyzing network infrastructure. She provides context as to why the datasets exist, how they interact with your internal threat intelligence, and their strengths and limitations. The article also has two follow-up parts and a brand new cheat sheet available for download.

Removing the Mask: How Neurodiversity Strengthens Cybersecurity

We’ve got another blog building upon a previous one! In November 2022, Ian Campbell wrote a blog on neurodiversity and how organizations can create a neurodiverse employee resource group. Building off of that, he and Travis Hall discuss their experiences in the cybersecurity industry as neurodiverse individuals and the specific ways neurodivergence can benefit the industry as a whole. If listening is more your thing, Ian and Travis also talk about their experiences on the Breaking Badness podcast.

Next Up: Q3!

We’re getting into the thick of Q3 already – can you believe it? We’ll be sharing more security research and we’ll be at some great events like Black Hat, Fal.con, the International Cyber Expo, and more! Be sure to check out our full list of events to see if we’re stopping by you.

If there are any topics you would be interested in reading about on our blog or covering in our weekly podcast, Breaking Badness, please feel free to tweet us at @DomainTools.