- inSp3ctor
A tool I developed to identify public S3 buckets and objects through permutations and wordlists
- Maltego Transforms | OSINT | crt.sh Local Transforms
I just released some local Maltego transforms for the site, https://crt.sh, which is a tool released by Comodo to identify SSL certificates. This site has so much potential for both sides of security, whether it be mapping an internal network, or making sure nothing wonky is going on
- Maltego Transforms | OSINT | Truepeoplesearch Local Transforms
I just released some new local Maltego transforms for truepeoplesearch.com and wanted to go through some things about them in this post. First, truepeoplesearch.com is a relatively newish site for getting some details about a person of interest. It also has some surprisingly great results about the person,
- CTF | Beast Mode
WARNING - CTF SPOILERS AHEAD It all started with a tweet by @jms_dot_py... Well this looks pretty interesting: https://www.reddit.com/r/Information_Security/comments/68qsko/help/ #osint ;) Justin posted the above tweet back on May 2nd, and I checked it out for a second, not knowing
- Augmentd
A while back I created a new project that I haven't linked here, called Augmentd (https://augmentd.co/). It's aimed at security engineers/analysts to use in common security tools, most notably: Splunk, osquery, Streamalert, ELK, Sysmon, Sigma. This site is a way for analysts/engineers to share their custom searches/
- Introducing Airbag - Maltego Transforms for Vehicles and Addresses
I've been on a big Maltego kick lately, and scoured the web for more sources of information I could start incorporating into Maltego. I found a site a few months ago that has been helpful in identifying certain individuals' actual vehicles, VIN numbers, and addresses, and thought this would be
- AlienVault OTX Maltego Transforms
It's been quite a while since my last post/release, but I wanted to post a new release for AlienVault OTX Maltego transforms. These are all local transforms, so a teeny-tiny amount of work will be needed to get them all working properly, but I promise it's not tough, and we'll
- Goldphish - Identify Phishing Vectors with Maltego
This is somewhat of a follow-up to an earlier blog post that @__eth0 and I did about analyzing phishing vectors using dnstwist. In this post we'll be releasing a new Maltego transform and machine which can quickly and easily analyze a domain and its permutations to see who owns
- Gavel - OSINT Maltego Transforms
I've been pretty busy lately with updating Tango to version 2.0 and working on threat_note, but another project I started on recently was something @__eth0 and I are calling Gavel. Gavel is a set of Maltego transforms that query traffic records in each state. This project started out
- Identifying Phishing Attack Vectors Using dnstwist and Splunk
Hey everyone, today we're doing something different. This is going to be a joint blog post from Ethan Dodge (@__eth0) and me in which we talk about phishing defense coverage by the Alexa Top 100 domains, which will also expose the best attack vectors for phishing against these domains. We're
- Great Firewall of China Active Probing IDS Signatures
A friend of mine @Munin recently linked a page that had research done regarding the "Great Firewall of China" (GFW). It went on to talk about how it was actively probing servers on the internet to detect if they are acting as proxies so that users behind the
- threat_note Update
It's been a while since I announced threat_note, which is a new tool for security researchers to document/store/retrieve their research and analysis. The tool has had major revisions and a complete UI overhaul since the introduction about a month ago, so I wanted to cover a few things I've
- threat_note
As some of you may have seen, I've been working on a new tool for security researchers to add, store and retrieve indicators pertaining to their research and analysis. Well, I'm excited to announce it's finally on GitHub and ready to be used by analysts. Please note, it's heavily in
- Building Your Own Passive DNS Collection System
In this post, I'll be going over how to set up an Ubuntu server running Bro IDS and bro-pdns to log all DNS queries and answers to a SQL database. Passive DNS can be great for security research, since it can help you build out the adversary's infrastructure and help
- Threat Intel | Web Crew
It's been a while since I've done a threat intel piece, so I wanted to put together a new one to show off some new methods and tips. This piece is called Web Crew due to the names of some malware they were hosting on some of their servers. So,