
10/20/2020
12:30 PM
Dark Reading
Products and Releases

Farsight Security Announces General Availability for DNSDB 2.0 Flexible Search

Tool uncovers phishing, brand infringement, and misinformation campaigns.

SAN MATEO, Calif., Oct. 20, 2020 (GLOBE NEWSWIRE) -- Today Farsight Security®, Inc., the leading cybersecurity provider of DNS Intelligence, announced general availability for DNSDB 2.0 Flexible Search. Now security analysts, threat hunters, brand protection teams, and incident responders can significantly expand their search for DNS-based assets using DNSDB. With Flexible Search, users can search for simple keywords such as “election” or phrases like “votebymail” or complex patterns, using new regular expression and globbing functionality, in order to uncover lookalike domains and other possible threats to their organization.

In a separate announcement, Farsight also unveiled Farsight Labs, a new platform for collaboration by the digital defense community, and a free tool, Expander, which enables security professionals to automate the generation of regular expressions.

DNSDB Flexible Search: What’s New

Bad actors can create, use, and discard domain names for malicious campaigns within minutes. Today, enterprises need tools to stay ahead of these fast-moving cyberthreats. With more than 100 billion DNS observations, DNSDB is the industry standard in historical passive DNS. The new DNSDB Flexible Search enables users to more effectively pinpoint the data they need to expose, correlate and contextualize their investigations. Users of DNSDB Flexible Search can:

  • Search just parts of words. For example, if you're investigating drug crime, you may want to find all the domains that include oxycon, perco or hydroco.
  • Easily find look-alike domain names used for phishing attacks against their brands
  • Identify patterns and find matches for threat actor-generated hostnames/domain names
  • Find candidate matches when working with incomplete or redacted information
  • Identify domains relating simple generic terms to well-known brand names, from popular products to presidential campaigns

Today Farsight Security also debuts dnsdbflex, a C program for making regular expression and globbing queries to the DNSDB API. Dnsdbflex is a companion tool to dnsdbq, the DNSDB standard search command-line tool. Together they are perfect for server-based workflows and automation.

In addition, DNSDB Scout, the graphical interface for DNSDB, has been updated with the Flexible Search functionality. This update is available for both the Google Chrome extension (which also works in Brave!) and the Mozilla Firefox add-on. Scout is also available as a web version that can be used with any browser.

Since DNSDB Flexible Search was first announced, feedback from early adopters has been overwhelmingly positive!

The Cyber Defence Alliance (CDA) is a non-profit public-private partnership, headquartered in the United Kingdom. CDA works collectively and collaboratively across the financial sector and law enforcement globally to pro-actively share information, turning it into actionable intelligence to fight cybercrime and counter cyber threats.

  • “The tool is very straightforward to use, and with the power of RegEx and globbing on hand, is very flexible and powerful. The dataset being queried is massive, but any searches, no matter how complex, are returned in short order. This allows for rapid prototyping of searches, without interminable waits for results. Overall, the tool enables easy and quick searching of the dataset, with the flexibility for users to really stretch their analytical muscles and seek out those hidden gems of DNS data.” -- CDA technical intelligence analyst
  • “We looked at the tool from a software perspective using the easy-to-use API within a tool that I wrote. Leveraging the API with the tool, we were able to query the database hourly looking for new domains that contained terms associated with our members. The RegEx and glob patterns for searching makes this a very flexible solution allowing the quick identification of suspicious domains for further investigation.” -- CDA software developer

ThreatConnect Inc. provides cybersecurity software that reduces complexity for everyone, makes decision making easy by turning intelligence into action, and integrates processes and technologies to continually strengthen defenses and drive down risk.

  • "While we haven't realized yet the full potential of Farsight's DNSDB 2.0 Flexible Search, we've already seen its utility in helping us build out an understanding of an adversary's infrastructure based on subdomain string reuse. The ability to incorporate these queries with regex into our domain and subdomain focused research is going to help us exploit the bad guys' tactics, almost certainly in ways we aren't even considering yet." -- ThreatConnect Research Team Member

Pricing & Availability

DNSDB Flexible Search is available immediately to current DNSDB API customers and API trial users. To become a DNSDB API trial user, visit here. To become a DNSDB customer, please contact [email protected]. DNSDB Community Edition, the entry-level, free version of our flagship product, does not offer Flexible Search capabilities. DNSDB is available via an annual subscription.

Additional Resources:

Blog: DNSDB 2.0 Flexible Search is Now Available!
Blog: What is Globbing?
Blog: What’s A Regular Expression?

About Farsight Security, Inc.

Farsight Security, Inc. is the world’s largest provider of historical and real-time passive DNS data. We enable security teams to qualify, enrich and correlate all sources of threat data and ultimately save time when it is most critical - during an attack or investigation. Our solutions provide enterprise, government and security industry personnel and platforms with unmatched global visibility, context and response. Farsight Security is headquartered in San Mateo, California, USA. Learn more about how we can empower your threat platform and security team with Farsight Security passive DNS solutions at https://www.farsightsecurity.com/ or follow us at Twitter: @FarsightSecInc.

 
