Welcome to this edition of the DomainTools Employee Spotlight blog! In our last post we unveiled Susan Prosser’s passion for dogs and experience in the tech industry. This round we are examining the one and only Karen Kuhar. Karen Kuhar (known fondly as “General Kuhar” around the office) is a woman of many talents. She […]

As a researcher, when I find an attacker working, one of the first places I start to pivot is the command and control infrastructure. I do this because I want to see if I can find additional binaries, indicators of attack, or additional infrastructure being used by an adversary. When looking at attacker infrastructure, one […]

Articles from March 11-17 Ethical Hacking: The Most Important Job No One Talks About Dark Reading | Amit Ashbel | March 16, 2017 Great power comes with great responsibility, and...

Ever since we launched Iris in the fall of 2015, we’ve been hard at work on various enhancements to make it an ever-better tool for discovering, characterizing, and defending against nefarious Internet infrastructure. From various UI enhancements, to the addition to passive DNS data, each enhancement has been designed to help you find more answers,...

When we hunt, we’re usually starting with some kind of indicator that something bad has happened. These are often referred to as IOCs or Indicators of Compromise. When we get a good report like this one from Homeland Security, we can use it to help us find out more about a threat actor and their […]

Remember Halloween? It used to be a fun, family-oriented holiday that included some simple, often home-made costuming and a walk through the local neighborhood so age-appropriate kids could get really excited about candy hoarding. Now Halloween is thrust upon us starting in September by an entire industry that has grown up around, my opinion here, ...

As a long time software engineer, I know how time consuming and frustrating it can be to integrate with an external service. First, you need to wade through their (hopefully existent) documentation and gain a decent grasp of what services provide the information you’re after. Then, you need to identify what authentication system is in […]

You're moving?! Fantastic! Hopefully this is a good thing for you and yours: huge growth of the company, a better location near your favorite lunch spots, or even just a better view. Collectively, we have lots of experience with office moves (and datacenter moves, and house moves), and having gone through this ourselves just a […]

Investigations are chock-full of nuance and detail. Hunt teams can spend a lot of time chasing shiny objects and learning what connections exist within malicious or potentially malicious domain infrastructure. As carbon-based lifeforms with a multitude of on-the-job experiences, we understand that not all pivot points or data fields are created equ...

DomainTools recently teamed up with Osterman Research and six other security companies on a survey and corresponding white paper discussing how organizations are dealing with phishing and ransomware. While we hear about high-profile (successful) attacks, or technical details about the behaviors of the latest variant, there hasn’t been as much cover...

I’ve been fortunate these last few years to meet with dozens, perhaps hundreds, of security teams of all shapes and sizes, with maturity ranging from a couple smart but embattled analysts all the way up to massive cyber fusion centers with an intelligence capability that likely rivals that of most small nations. In my quest […]

On a quiet morning in March, 2014, angry protesters in Hong Kong stormed their government buildings. The cause of the uproar was a proposed trade deal with mainland China in an effort to draw Taiwan closer to China. Concerned about internet reliability, the protesters chose to communicate through a little known app, Firechat. What makes […]

The other day I ran across a great blog post by Execute Malware that talked about the efforts he went through to find and identify new phishing domains. The one thing he didn’t mention was that he was mostly looking for free tools. I have to admit, the amount of detail and work he went […]

Back in March, I was honored to write my first employee spotlight (which brought our own Timothy Crosley into the limelight, pun intended). Now, it is my distinct pleasure to share some important information about our one and only Josh Hou. Not only is Josh an outstanding member of our back-end engineering team, he is […]

A basic security premise: as security teams within organizations continue to evolve, so do threat actors. One prominent example of this reality that security professionals encounter in their environment is DGAs (or Domain Generation Algorithms). DGAs are algorithms leveraged in some malware. They are used to generate a large volume of domain names ...

Barracuda Networks, whose early claim to fame was a spam firewall appliance, published a blog post on a phishing campaign that’s been making the rounds. The campaign capitalizes on a timely event—Brexit—by evoking the market uncertainties surrounding Britain’s move. The gist of the spam/phishing emails is that now is a great time to refinance or bu...

I’ve been fascinated by the attacks on the US political campaigns, their sites, and by the report from Threat Geek about the spoofed Democratic Campaign Committee donation page. It really got me thinking about how careful we need to be as consumers/donors with where we are spending or donating our hard earned cash. One of […]

To deny that cybercriminals and threat actors are becoming more sophisticated in their approach would be a refusal to accept reality. As a result, forward-thinking security analysts are challenged to identify new technologies to proactively identify threats before a major data breach occurs. However, there are a wide variety of data and tool provid...

We are pleased to announce that DomainTools has been honored by the When Work Works organization. This award honors organizations that have created effective workplaces based on six evidence-based components that are linked with positive employee and employer outcomes: Work/life fit Supervisor support for work success Autonomy Satisfaction with ear...

Our technical operations team is critical for keeping the office afloat, which happens to be a very stressful job, so it's only natural that they have a few outlets to remain sane. One of these outlets happens to be creativity. As an example, when faced with paying proper tribute to old hardware devices, tech ops found the […]

"If it looks too good to be true, it most likely is." This is a mantra I live by when sifting through email, social media, or surfing websites. In my experience, if the text is odd, or poorly structured, that is a clue; and most importantly, if there?s a suspicious structure to the domain, specifically […]

Forensic investigations are often fueled by Domain and DNS research. However, In order to harness the power of domain-based investigations, it's imperative to understand the anatomy of domains. You'll notice a short list of critical information regarding the origin of domain data is listed below: 5 Necessary Vocabulary Words: Registrant: The entity...

A few weeks back we celebrated our 15 year anniversary here at DomainTools. It was a day of forest restoration with the Nature Consortium, nature puns (which were so mulch fun), a speech from our fearless leader, and a delightful assortment of food and drink. This is a pretty typical DomainTools anniversary bash, especially considering […]

In my last post we covered some ways to look deeper into a report and find other connected domains that are part of the actors infrastructure. Let?s to continue to dive deeper and learn more. Reverse IP Pivot In our last post we uncovered an IP address that was being used to host the domain […]

The DomainTools dream team has made the long, two-block pilgrimage to our new home. Our new space is situated in the heart of Belltown in a skyscraper fondly known as the Darth Vader building. Although the notion of parting with our beloved building is such sweet sorrow, our new space is a reflection of our […]

By Steve Butt, Sales Engineer One of the many things criminals will do is buy up or register domains that have been allowed to expire. Many times companies will close shop and allow the domains they owned to expire. In these instances, nefarious individuals will pick up those domains and re-register them. This is mostly […]

Earlier today DomainTools announced an evolution of our membership model for individual users. Going forward DomainTools will only offer one retail membership level, the Personal Membership. I appreciate all of the feedback that we have received from many of our loyal and longtime DomainTools users. It?s clear DomainTools is a critical resource for...

I recently attended InfoSec World 2016, an annual cybesecurity conference put on by MIS|TI, an organization that focuses on training and innovation in various IT disciplines. I gave a talk there on the value of DNS and domain profile data in mapping criminal infrastructure, assessing threats, and defending against future attacks by known adver...

Before I was employed at DomainTools, I considered myself a professional Grade A prankster. I had completed dozens of fruitful acts of mischief, but after a few short weeks, I realized I was a mere mortal compared to my prank-counterparts. Yes, it is true, the most important day of the year here at DomainTools is […]

We are excited to announce the addition of Reverse IP Whois to our DomainTools products. This powerful tool?shows you all of the IPv4 address allocations for a given search term?usually an organization like a company, educational institution, or government entity. This can be very useful when trying to gain context, or situational awareness, relate...

One of the many qualities that makes DomainTools a unique and refreshing professional environment is our hiring process. Although some may consider this exercise grueling, it has resulted in a high bar for technical and non-technical hires. In the time I have worked at DomainTools, however, I have observed that our employee talent goes far […...

Articles from March 5-11 Webroot 2016 Threat Brief: 97% of Malware Cannot be Stopped by Traditional Cybersecurity Defenses IT Pro Portal | Grayson Milbourne | Mar. 10, 2016 The past year has been another record year for cybercrime, during which more malware, malicious IPs, websites, and mobile apps were discovered than ever before. It com...

In the ever-changing world of infosec there are many different channels security professionals leverage to ensure their information and knowledge are up to snuff. In addition to our go to blogs, reddit threads and publications, Twitter has become a useful medium to share security news. Twitter has such a variety of content producers and consumers [...

People who know the DomainTools story have a keen understanding that we have a pretty strong DIY mentality around here. We have pivoted this company to a new business model and a new target marketspace without the benefit of outside capital or outside counsel. But we?re smart enough to know what we don?t know, which […]

As all of you are well aware, RSA (which is arguably the largest information security conference) is just around the corner. This event is a great opportunity to connect with peers and vendors alike to learn from industry experts, share ideas, and most importantly, collect eccentric swag. The stress of ensuring everyone who attends RSA […]

If it feels like RSA snuck up on us this year, well, it actually did. The conference is more than a month earlier than last year?s late April edition. And at DomainTools, we?ve accomplished quite a bit in between RSA Conferences. Come by our booth (#3240) to see what we?ve been up to: See our […]

How to coach your team to victory in the battle to protect corporate data and intellectual property. After all, there's a lot riding on your game, too. There?s a good chance that on Sunday you were watching the Super Bowl, along with a few tens of millions of other folks. Even non-fans flock to this […]

Anyone who has spent more than five minutes working in information security can likely write a thorough list of cybersecurity cliches (including, but not limited to, military metaphors, the use of thinly veiled scare tactics, and heat maps). In the humble opinion of the DomainTools marketing team, however, cybersecurity stock photography takes the ...

Not really of course, but it begs the question: how close are we to that being a possibility? As machine learning continues to grow in popularity and usage, it can feel sometimes like we are on the cusp of an artificial intelligence (AI) revolution. But how does machine learning really work? What strides have we […]

Happy 2016! As always, the first thing I want to do is say thank you to our awesome customers without whom DomainTools would not exist. We deeply appreciate our longtime customers who renewed with us in 2015 as well as our hundreds of new customers who signed up with DomainTools this past year. We hope […]

What should you know if you want to apply for an engineering position here? Well, first of all, you want to be here. We work on projects that matter and build tools that make a positive difference in the world. The complexity and scale of our data and the problem domains we work in are […]

In a similar spirit to our 2016 security predictions, we thought it would make sense to share what we believe are worthwhile resolutions to make as you plan for the year ahead. These aren?t all specific to security, but the principles all certainly are relevant for dedicated security teams, as well as for IT more […]

While we may not be the only ones doing it, we at DomainTools thought it would be worth offering some predictions for Cyber 2016. For folks planning their budgets, security strategy, initiatives, etc., it?s worth considering what they are likely to be up against in the coming months and years, and for those of us […]

The DomainTools Report: 2015 Special Edition You may recall that earlier this year DomainTools published a report examining concentrations of malicious activity along a multitude of dimensions to identify ?hotspots? across the internet. We decided to expand our search for this DomainTools Report supplement- this?time?seeking concentrations of malic...

We can all agree that translating value up to leadership is a daunting task (and usually is the bane of our existence when our plates are already full with day to day work). Even more challenging is the task of successfully obtaining approval for increased budget or a specific tool. I had the pleasure of […]

It should come as no surprise that a small film franchise by the name of ?Star Wars? recently released some snippets from the upcoming film ?Episode VII: The Force Awakens?. If you have not seen the trailer, it comes highly recommended. Naturally DomainTools? reaction to the trailer was a mixture of sheer delight and curiosity […]

Articles From October 17-23 Take a deep dive into what you missed this week in Cyber Security in our weekly media wrap up: Google to adopt strictest DMARC policy to fight spam, phishing SearchSecurity (TechTarget) | Peter Loshin | October 23, 2015 Google announced this week that it is transitioning to the strictest setting of […]

October was a busy month for cybersecurity education in our Nation?s Capital. Yours truly and DomainTools participated in FireEye?s annual Cyber Defense Summit (formerly known as MIRcon) and ISACA?s inaugural Cyber Security neXus (CSX). The conferences had slightly different audiences and orientations, but at the highest level the goals were simila...