Farsight Security and iThreat Cyber Group demonstrate how iThreat’s CyberTOOLBELT platform and Farsight Security’s passive DNS data unraveled a deceitful drug rehabilitation operation starting with a single domain only and expanding it to the key individuals behind the operation and the laws they were breaking.
CyberTOOLBELT builds upon Farsight’s passive DNS by enhancing it with blocklist, and whois information, creating a platform that serves as a starting point in any domain or IP investigation by quickly providing a contextual overview of the data point of interest.
Key Points Covered include:
- An overview of the Passive DNS
- How cybercriminals use both legitimate and malicious subdomains to gain entry
- The steps security teams can take to uncover a single subdomain abuse and broaden that search to an entire landscape