12:30 PM
Dark Reading
Products and Releases

Farsight Security Announces General Availability for DNSDB 2.0 Flexible Search

Tool uncovers phishing, brand infringement, and misinformation campaigns.

SAN MATEO, Calif., Oct. 20, 2020 (GLOBE NEWSWIRE) -- Today Farsight Security®, Inc., the leading cybersecurity provider of DNS Intelligence, announced general availability for DNSDB 2.0 Flexible Search. Now security analysts, threat hunters, brand protection teams, and incident responders can significantly expand their search for DNS-based assets using DNSDB. With Flexible Search, users can search for simple keywords such as “election” or phrases like “votebymail” or complex patterns, using new regular expression and globbing functionality, in order to uncover lookalike domains and other possible threats to their organization.

In a separate announcement, Farsight also unveiled Farsight Labs, a new platform for collaboration by the digital defense community, and a free tool, Expander, which enables security professionals to automate the generation of regular expressions.

DNSDB Flexible Search: What’s New

Bad actors can create, use, and discard domain names for malicious campaigns within minutes. Today, enterprises need tools to stay ahead of these fast-moving cyberthreats. With more than 100 billion DNS observations, DNSDB is the industry standard in historical passive DNS. The new DNSDB Flexible Search enables users to more effectively pinpoint the data they need to expose, correlate and contextualize their investigations. Users of DNSDB Flexible Search can:

  • Search just parts of words. For example, if you're investigating drug crime, you may want to find all the domains that include oxycon, perco or hydroco
  • Easily find look-alike domain names used for phishing attacks against their brands
  • Identify patterns and find matches for threat actor-generated hostnames/domain names
  • Find candidate matches when working with incomplete or redacted information
  • Identify domains relating simple generic terms to well-known brand names, from popular products to presidential campaigns

Today Farsight Security also debuts dnsdbflex, a C program for making regular expression and globbing queries to the DNSDB API. Dnsdbflex is a companion tool to dnsdbq, the DNSDB standard search command-line tool. Together they are perfect for server-based workflows and automation.

In addition, DNSDB Scout, the graphical interface for DNSDB, has been updated with the Flexible Search functionality. This update is available for both the Google Chrome extension (which also works in Brave!) and the Mozilla Firefox add-on. Scout is also available as a web version that can be used with any browser.

Since DNSDB Flexible Search was first announced, feedback from early adopters has been overwhelmingly positive!

The Cyber Defence Alliance (CDA) is a non-profit public-private partnership, headquartered in the United Kingdom. CDA works collectively and collaboratively across the financial sector and law enforcement globally to pro-actively share information, turning it into actionable intelligence to fight cybercrime and counter cyber threats.

  • “The tool is very straightforward to use, and with the power of RegEx and globbing on hand, is very flexible and powerful. The dataset being queried is massive, but any searches, no matter how complex, are returned in short order. This allows for rapid prototyping of searches, without interminable waits for results. Overall, the tool enables easy and quick searching of the dataset, with the flexibility for users to really stretch their analytical muscles and seek out those hidden gems of DNS data.” -- CDA technical intelligence analyst
  • “We looked at the tool from a software perspective using the easy-to-use API within a tool that I wrote. Leveraging the API with the tool, we were able to query the database hourly looking for new domains that contained terms associated with our members. The RegEx and glob patterns for searching make this a very flexible solution allowing the quick identification of suspicious domains for further investigation.” -- CDA software developer

ThreatConnect Inc. provides cybersecurity software that reduces complexity for everyone, makes decision making easy by turning intelligence into action, and integrates processes and technologies to continually strengthen defenses and drive down risk.

  • "While we haven't realized yet the full potential of Farsight's DNSDB 2.0 Flexible Search, we've already seen its utility in helping us build out an understanding of an adversary's infrastructure based on subdomain string reuse. The ability to incorporate these queries with regex into our domain and subdomain focused research is going to help us exploit the bad guys' tactics, almost certainly in ways we aren't even considering yet." -- ThreatConnect Research Team Member

Pricing & Availability

DNSDB Flexible Search is available immediately to current DNSDB API customers and API trial users. To become a DNSDB API trial user, visit here. To become a DNSDB customer, please contact [email protected]. DNSDB Community Edition, the entry-level, free version of our flagship product, does not offer Flexible Search capabilities. DNSDB is available via an annual subscription.

Additional Resources:

Blog: DNSDB 2.0 Flexible Search is Now Available!
Blog: What is Globbing?
Blog: What’s A Regular Expression?

About Farsight Security, Inc.

Farsight Security, Inc. is the world’s largest provider of historical and real-time passive DNS data. We enable security teams to qualify, enrich and correlate all sources of threat data and ultimately save time when it is most critical - during an attack or investigation. Our solutions provide enterprise, government and security industry personnel and platforms with unmatched global visibility, context and response. Farsight Security is headquartered in San Mateo, California, USA. Learn more about how we can empower your threat platform and security team with Farsight Security passive DNS solutions at https://www.farsightsecurity.com/ or follow us at Twitter: @FarsightSecInc.

