Life’s A Pitch, and Then You Investigate

Are you tired of business as usual? Having trouble stopping the kill chain before it even begins? Are you sick of not being able to adequately pivot through a malware attacker’s infrastructure?

Well, LOOK NO FURTHER! OpenDNS is proud to announce the rerelease of OPENDNS INVESTIGATE!


OpenDNS Investigate is a great tool for Internet security researchers and incident responders alike, for when time is of the essence and you need information NOW! As an employee of OpenDNS, and a proud ...

Who’s Using Whose Whois?

Whois data is often difficult to work with given its plethora of unstandardized free-text formats, the fact that much of it is registrant-provided (meaning it’s often untrustworthy), and the privacy protection services that mask the real whois record. As whois data naturally has many inconsistencies and anomalies, directly mining bulk whois data proves challenging. Instead of mining whois data, the OpenDNS research team often uses whois record values as auxiliary features of suspect domain names. Whois data enriches our ...

DFIR Austin 2015

OpenDNS was recently represented both on and off the stage (by Andrew Hay and Kevin Bottomley) at the 2015 Digital Forensics and Incident Response (DFIR) SANS Summit in Austin, Texas. Held at the Hilton Hotel, a block away from the energetic 6th Street corridor, the conference is a two-day event that focuses on recent issues involving computer security and digital forensics. The conference brings together some of the most well-known names in DFIR to discuss new and innovative techniques, situations, ...

How Hacking Team Helped Italian Special Operations Group with BGP Routing Hijack

This is a crosspost from our recent acquisition of BGPmon posted here.

As part of the Hacking Team fallout and all the details published on WikiLeaks, it became public knowledge that Hacking Team helped one of their customers, the Special Operations Group (ROS), regain access to Remote Access Tool (RAT) clients. ROS recommended using BGP hijacking, and Hacking Team helped with the setup of new RAT CnC servers. In this post we’ll take a closer look at the exact details of this ...

Which providers have the most phishing content?

Phishing is an efficient method for an attacker to deliver malware or harvest credentials from unsuspecting victims. By sending out a mass or targeted email designed to look like it came from a bank or other legitimate source, an attacker can acquire a fair number of user credentials or deliver malware. Credentials can be used for identity theft, additional compromise, or to send more seemingly legitimate phishing emails, and convincing a user to install malware can give attackers access to ...