Threat Intelligence

 Sponsored
by

Noteworthy

Reverse WHOIS: A Powerful Process in Cybersecurity

WhoisXML API
A Domain Research, Whois, DNS, and Threat Intelligence API and Data Provider Jun 14, 2019 |   Read More |   13,854

Domain Research and Monitoring: Keeping an Eye on the Web for You

WhoisXML API
A Domain Research, Whois, DNS, and Threat Intelligence API and Data Provider May 24, 2019 |   Read More |   13,152

WHOIS History API: Powering Domain Investigations

WhoisXML API
A Domain Research, Whois, DNS, and Threat Intelligence API and Data Provider May 22, 2019 |   Read More |   12,588

Threat Intelligence / Featured Blogs

The Economy, Not Surveillance or Weapons Systems, Is the Real Source of National Security

Jan 13, 2014

The worldwide public discussion about surveillance produced by the Snowden revelations has so far largely missed a major strategic fault with national security arguments for continued mass surveillance: that economic damage to the technology sector but more fundamentally to the wider economy is a likely result. This damage is also likely to undermine security far more than any potential gains from continuing as we are - or continuing but with some transparency or narrowing that leaves the existing industrial scale surveillance system largely unchecked. more

Identify DDoS Attacks with External Performance Monitoring (Part 2 of 3)

Dec 18, 2013

In Part One of this series, we examined internal server, network and infrastructure monitoring applications. Now let's take a look at another way to capture DDoS information: external performance monitoring... Unlike network/infrastructure tools - which are usually installed inside a customer's network - external performance monitoring solutions are typically provided by a third party and leverage monitoring locations from around the world. more

Identify DDoS Attacks with Monitoring of Internal Applications (Part 1 of 3)

Dec 09, 2013

Most cloud DDoS mitigation services are offered on demand meaning that customers can enable the service when they are the victim of a DDoS attack. But how can a company find out -- quickly -- that it is under attack? Sometimes it is difficult to know. In this three part series, we will examine multiple monitoring tools companies can use to capture DDoS, which can help determine whether you are under a DDoS attack. more

Conclusion: SLD Blocking Is Too Risky Without TLD Rollback (Part 4 of 4)

Nov 21, 2013

ICANN's second level domain (SLD) blocking proposal includes a provision that a party may demonstrate that an SLD not in the initial sample set could cause "severe harm," and that SLD can potentially be blocked for a certain period of time. The extent to which that provision would need to be exercised remains to be determined. However, given the concerns outlined in Part 2 and Part 3 of this series, it seems likely that there could be many additions (and deletions!) from the blocked list given the lack of correlation between the DITL data and actual at-risk queries. more

Name Collision Mitigation Requires Qualitative Analysis (Part 3 of 4)

Nov 14, 2013

As discussed in the several studies on name collisions published to date, determining which queries are at risk, and thus how to mitigate the risk, requires qualitative analysis. Blocking a second level domain (SLD) simply on the basis that it was queried for in a past sample set runs a significant risk of false positives. SLDs that could have been delegated safely may be excluded on quantitative evidence alone, limiting the value of the new gTLD until the status of the SLD can be proven otherwise. more

We Have a Paradigm for Surveillance That’s Broken, Fit Only for the Analogue Past

Nov 09, 2013

As each day brings new revelations about surveillance online, we are starting to see increasing activity in national legislatures intended either to establish more control over what the security services can do to their nationals (in countries like the US), or to limit access by foreign secret services to the personal information of their citizens (countries like Brazil). Unfortunately, neither of these approaches address the underlying problem: we have a paradigm for surveillance that's fit for the analogue past, not the digital present, let alone the future. more

DITL Data Isn’t Statistically Valid for This Purpose (Part 2 of 4)

Nov 08, 2013

For several years, DNS-OARC has been collecting DNS query data "from busy and interesting DNS name servers" as part of an annual "Day-in-the-Life" (DITL) effort (an effort originated by CAIDA in 2002) that I discussed in the first blog post in this series. DNS-OARC currently offers eight such data sets, covering the queries to many but not all of the 13 DNS root servers (and some non-root data) over a two-day period or longer each year from 2006 to present. more

Introduction: ICANN’s Alternative Path to Delegation (Part 1 of 4)

Nov 06, 2013

As widely discussed recently, observed within the ICANN community several years ago, and anticipated in the broader technical community even earlier, the introduction of a new generic top-level domain (gTLD) at the global DNS root could result in name collisions with previously installed systems. Such systems sometimes send queries to the global DNS with domain name suffixes that, under reasonable assumptions at the time the systems were designed, may not have been expected to be delegated as gTLDs. more

PRISM and the Administration State Strikes Back

Nov 01, 2013

It is a safe assumption that if you are reading this post, you like technology. If that is the case, then you understand the tremendous economic, cultural, and human rights benefits an open, universal, and free Internet provides. That freedom is under attack. And it is our responsibilities, as stakeholders in a successful Internet, to balance governments and have an open dialog on the topic. more

Bruce Schneier to Speak About Internet Surveillance at IETF 88 Technical Plenary Next Week

Oct 31, 2013

How do we harden the Internet against the kinds of pervasive monitoring and surveillance that has been in recent news? While full solutions may require political and legal actions, are there technical improvements that can be made to underlying Internet infrastructure? As discussed by IETF Chair Jari Arkko in a recent post on the IETF blog, "Plenary on Internet Hardening", the Technical Plenary at next weeks IETF 88 meeting in Vancouver, BC, Canada, will focus on this incredibly critical issue. more

Industry Updates

On the Hunt for Remnants of the Samourai Wallet Crypto Mixing Services in the DNS

A Peek at the V3B Phishing Kit Attack via the DNS Lens

Tracking Down Fake Cryptocurrency Sellers Using DNS Intelligence

Following the DNS Trail of APT Group Newbie Unfading Sea Haze

On the DNS Trail of the Foxit PDF Bug Exploitation Attackers

Profiling a Popular DDoS Booter Service’s Ecosystem

A DNS Investigation of the Phobos Ransomware 8Base Attack

Stately Taurus APT Group Targets Asian Countries: What Do the Campaign IoCs Reveal?

Managing Expanding Attack Surfaces for Growing Businesses

Looking for More Signs of Nitrogen in the DNS

A DNS Investigation of the Typhoon 2FA Phishing Kit

Examining a U.S. Tax Scammer’s Web Infrastructure through the DNS Lens

Digging Deep to Examine the Roots of the Glupteba UEFI Bootkit

Hunting for TimbreStealer Malware Artifacts in the DNS

A Glimpse into the Global Domain Registration Trends Seen in Q1 2024

View More