It’s hard to believe, but it’s once again time to take a look at the most popular blogs from the past quarter! And boy has it been a busy Q3 – we went to Black Hat (some of us for the first time), we rolled out our new and improved look, we’ve participated in some informative webinars, and we had the opportunity to highlight the oh so talented Tracie Winslow in our latest Employee Spotlight!
If this is your first time checking out this series, our goal is to share what other viewers found most helpful or fun in our blog the previous quarter. For those who might not be able to keep up with our weekly posts, it’s a great time to get a high-level view of what’s been going on at DomainTools.
And The Votes Are In
In August, we launched our new look! The purpose of this shift was to help our web visitors better understand what we do more quickly and improve page load times for a better user experience. We also wanted to modernize our brand to reflect where we’ve been and where we’re going. The rebrand appears to be so well-received that a fan even used a CNC machine to make their own updated DomainTools logo!
Conversations around use cases for DNS, domain, screenshot, SSL certificate, and related data usually revolve around basic principles, but in this blog post by Tim Helming, we delve into how to spot risky traffic flows, how that information can be pieced together, and how Iris Investigate and Farsight DNSDB can help.
Did you know that this blog has a Part II? Well, now you do! Check it out and it might be in the next roundup of top blogs.
This is an oldie but a goodie from security researcher Joe Slowik. This article discusses how common views of network infrastructure observables are historically misguided and seeks to increase our understanding of their characteristics for a more in-depth analysis and potent image of adversary tendencies.
We don’t talk about Bruno…or what happens after we find bad domains, as it turns out. Joe St Sauver penned this article because he noticed that we tend to focus on starting clues in an investigation (I mean, it probably is more of the fun part), but what about next steps? This article discusses following up on bad domains along three distinct paths: one involving law enforcement, one with lawyers, and one technical.
Get the popcorn, this one was a doozy! Coming in from DomainTools Research, this article told the story of a Nigerian threat actor impersonating medical institutions in the United States with the goal of fraudulently obtaining medical equipment – a scheme horrid even in the best of times, let alone a pandemic. Our researchers review the bread crumbs this actor left behind to trace his missteps and his ultimate undoing.
Another perennial article still coming up fresh with viewers! The popularity of this article shows how important it is to understand terminology, in this case “Indicators of Compromise” or IoCs. Author Kelsey LaBelle covers the big world of IoCs, including how they’re shared among defenders, how to determine what information you have internally versus what you need externally, and the tools to acquire external IoCs.
Sometimes all the details line up perfectly and things work out the way you want them to. Unfortunately, the same holds true for bad actors. Health, political, and global events can launch a battery of new campaigns for cybercriminals for a litany of reasons (financial gain, misinformation, political influence, etc.). But this article exercised DomainTools predictive risk scores to get a sense of what events could be ripe for malicious intent.
Onward To Q4!
The year might be winding down, but we’re still keeping busy here at DomainTools. There will be more product enhancements, security research, and industry news coming your way. We’ll also be at a few shows including Wild West Hackin’ Fest, GrrCon, and mWise, just to name a few. Be sure to take a look at our full schedule to see if we’ll be at an event near you!