
10/20/2020
12:30 PM
Dark Reading
Products and Releases

Farsight Security Announces General Availability for DNSDB 2.0 Flexible Search

Tool uncovers phishing, brand infringement, and misinformation campaigns.

SAN MATEO, Calif., Oct. 20, 2020 (GLOBE NEWSWIRE) -- Today Farsight Security®, Inc., the leading cybersecurity provider of DNS Intelligence, announced general availability for DNSDB 2.0 Flexible Search. Now security analysts, threat hunters, brand protection teams, and incident responders can significantly expand their search for DNS-based assets using DNSDB. With Flexible Search, users can search for simple keywords such as “election” or phrases like “votebymail” or complex patterns, using new regular expression and globbing functionality, in order to uncover lookalike domains and other possible threats to their organization.

In a separate announcement, Farsight also unveiled Farsight Labs, a new platform for collaboration by the digital defense community, and a free tool, Expander, which enables security professionals to automate the generation of regular expressions.

DNSDB Flexible Search: What’s New

Bad actors can create, use, and discard domain names for malicious campaigns within minutes. Today, enterprises need tools to stay ahead of these fast-moving cyberthreats. With more than 100 billion DNS observations, DNSDB is the industry standard in historical passive DNS. The new DNSDB Flexible Search enables users to more effectively pinpoint the data they need to expose, correlate and contextualize their investigations. Users of DNSDB Flexible Search can:

  • Search just parts of words. For example, if you're investigating drug crime, you may want to find all the domains that include oxycon, perco or hydroco
  • Easily find look-alike domain names used for phishing attacks against their brands
  • Identify patterns and find matches for threat actor-generated hostnames/domain names
  • Find candidate matches when working with incomplete or redacted information
  • Identify domains relating simple generic terms to well-known brand names, from popular products to presidential campaigns

Today Farsight Security also debuts dnsdbflex, a C program for making regular expression and globbing queries to the DNSDB API. Dnsdbflex is a companion tool to dnsdbq, the DNSDB standard search command-line tool. Together they are perfect for server-based workflows and automation.

In addition, DNSDB Scout, the graphical interface for DNSDB, has been updated with the Flexible Search functionality. This update is available for both the Google Chrome extension (which also works in Brave!) and the Mozilla Firefox add-on. Scout is also available as a web version that can be used with any browser.

Since DNSDB Flexible Search was first announced, feedback from early adopters has been overwhelmingly positive!

The Cyber Defence Alliance (CDA) is a non-profit public-private partnership, headquartered in the United Kingdom. CDA works collectively and collaboratively across the financial sector and law enforcement globally to pro-actively share information, turning it into actionable intelligence to fight cybercrime and counter cyber threats.

  • “The tool is very straightforward to use, and with the power of RegEx and globbing on hand, is very flexible and powerful. The dataset being queried is massive, but any searches, no matter how complex, are returned in short order. This allows for rapid prototyping of searches, without interminable waits for results. Overall, the tool enables easy and quick searching of the dataset, with the flexibility for users to really stretch their analytical muscles and seek out those hidden gems of DNS data.” -- CDA technical intelligence analyst
  • “We looked at the tool from a software perspective using the easy-to-use API within a tool that I wrote. Leveraging the API with the tool, we were able to query the database hourly looking for new domains that contained terms associated with our members. The RegEx and glob patterns for searching makes this a very flexible solution allowing the quick identification of suspicious domains for further investigation.” -- CDA software developer

ThreatConnect Inc. provides cybersecurity software that reduces complexity for everyone, makes decision making easy by turning intelligence into action, and integrates processes and technologies to continually strengthen defenses and drive down risk.

  • "While we haven't realized yet the full potential of Farsight's DNSDB 2.0 Flexible Search, we've already seen its utility in helping us build out an understanding of an adversary's infrastructure based on subdomain string reuse. The ability to incorporate these queries with regex into our domain and subdomain focused research is going to help us exploit the bad guys' tactics, almost certainly in ways we aren't even considering yet." -- ThreatConnect Research Team Member

Pricing & Availability

DNSDB Flexible Search is available immediately to current DNSDB API customers and API trial users. To become a DNSDB API trial user, visit here. To become a DNSDB customer, please contact [email protected]. DNSDB Community Edition, the entry-level, free version of our flagship product, does not offer Flexible Search capabilities. DNSDB is available via an annual subscription.

Additional Resources:

Blog: DNSDB 2.0 Flexible Search is Now Available!
Blog: What is Globbing?
Blog: What’s A Regular Expression?

About Farsight Security, Inc.

Farsight Security, Inc. is the world’s largest provider of historical and real-time passive DNS data. We enable security teams to qualify, enrich and correlate all sources of threat data and ultimately save time when it is most critical - during an attack or investigation. Our solutions provide enterprise, government and security industry personnel and platforms with unmatched global visibility, context and response. Farsight Security is headquartered in San Mateo, California, USA. Learn more about how we can empower your threat platform and security team with Farsight Security passive DNS solutions at https://www.farsightsecurity.com/ or follow us at Twitter: @FarsightSecInc.

 
