Introduction
I had marveled in our last quarterly update how quickly this year is flying by! We’ve kept busy in the second half of the year with events and conferences, attending Black Hat/DEFCON, Fal.Con, the International Cyber Expo (ICE), and GrrCon. Be sure to subscribe to our newsletter to see where we’re headed next!
Both Q3 and Q4 were also a busy time for our podcast, Breaking Badness. We had six fantastic guests join us recently: Tracy Maleeff (aka @InfosecSherpa), Allan Liska (@uuallan), Peter Lowe (@pgl), and Tony Robinson (@da_667), Sean Gallagher (@thepacketrat), and @nullcookies. Tracy, Peter, Tony, and Sean are all first time guests on the show, and they discuss their paths to information security (infosec), their passions within the space, and a little about who they are outside of work. Allan rejoins us for a third time (check out our conversation from RSA 2023 here) to discuss a passion project he’s been working on – a cybersecurity comic book, released this Fall!
Finally, we hosted some great webinars recently: Elevate Your Defenses with Splunk and DomainTools demonstrated the latest updates to the DomainTools Apps for Splunk and Splunk SOAR. Applied Intelligence: Practical Wins using DomainTools launched our Recipe Book series, which are scripts, playbooks, and other ways to directly plug intelligence developed with DomainTools into security ecosystems. Passive DNS Strategies for Aggressive Threat Hunting covered basic techniques and methodologies on how to use Farsight DNSDB for threat hunting. Finally, we finished the year with our 2024 Infosec Forecast where we took trends we’re seeing to predict what might occur in the new year.
Now let’s get into blog posts! If you’re new to this series, each quarter we share the top posts your peers in the space have found to be interesting, educational, or fun. If you haven’t been able to keep up with our weekly posts, this is a great opportunity for a high-level view of what those in the industry have enjoyed from DomainTools.
Top Blog Posts from DomainTools in Q4 2023
Return to Sender – A Brief Analysis of a US Postal Service Smishing Campaign
This is the first blog post we shared regarding the phishing campaign targeting the United States Postal Service (check out our follow up blog if you haven’t already). But here, we discuss the uptick in campaigns targeting this organization, look into the domain mentioned in the text message, and use Maltego to provide a better understanding of the scope and history of activity. We also discussed this campaign with our friend, @nullcookies, on the Breaking Badness podcast.
Less Phishing, More Cat Pictures
This post was created for CISA’s Cybersecurity Awareness Month, and we review what phishing is as well as the underlying issue of social engineering, complete with examples throughout history. The piece concludes with ways you and your organization can stay safe out there.
The Most Prolific Ransomware Families: 2023 Edition
Coming in at the number 1 spot is our updated piece on the Most Prolific Ransomware Families! The threat landscape has changed since our initial post in 2021 which warranted an update. This article looks at the external forces creating disruptions for malicious actors, along with a review of targeted industries and top ransomware groups by victimology.
Going From An IP Address to A Fully Qualified Domain Name (FQDN) In DNSDB
This piece from Distinguished Scientist, Joe St Sauver, is part of a short series (the first being “Going From A Domain Name to IP Address in DNSDB: Some “Pro Tips” To Keep In Mind”). While that article begins with a fully qualified domain name (FQDN) resolving to its IP address, this article goes in the opposite direction of using Farsight DNSDB to go from an IP address to a FQDN.
Ramnit, Jim, I’m a threat hunter, not a doctor!
Tim Helming penned this article after reviewing a June 2023 threat roundup blog by the Cisco Talos research team. That post described how the banking Trojan malware, Ramnit, was the most prevalent threat that week. Tim took an interest and decided to see the infrastructure it’s been using to see if we could learn anything else and, ideally, stay ahead of it. Using Iris Investigate, Tim dives into a brief infrastructure analysis.
Using Farsight DNSDB Flexible Search to Find Matching Rdata in TXT Records
We’ve got another popular post from Joe St Sauver in the mix! There’s a lot that can be potentially uncovered in TXT records, but they have been historically hard to search due to their structure. Joe provides two uses for TXT records (“controls strings” and SPF entries) and demonstrates how to search for them in Farsight DNSDB using Flexible Search.
Hunting Subdomains at DEFCON 31
As mentioned above, we attended this year’s DEFCON! As you might be aware, competitions at this show are popular, and DomainTools decided to get in on the action with the Recon-Aacharya Challenge to find subdomains – we just couldn’t resist! In this post, we share our methodology and results – you’ll have to read the post – no spoilers here!
Next Up: 2024!
Wow, 2024 is upon us – where did 2023 go? We’ll be sharing more security research and attending conferences like AFCEA West, HIMSS24, RSA, and more!
If there are any topics you would be interested in reading about on our blog or covering in our weekly podcast, Breaking Badness, please feel free to reach us on Mastodon or X.
