Upgrade to Pro — share decks privately, control downloads, hide ads and more …

(Shallow) Dive Into Network Entities

ninoseki
September 03, 2023
260

(Shallow) Dive Into Network Entities

2023-09-01 #vtuserjp

ninoseki

September 03, 2023
Tweet

Transcript

  1. SSL Certificate - Tips - SSL search modifiers - ssl_issuer

    - Focus on IPs that contain a given string or fulltext pattern within their SSL certificate issuer field. - ssl_serial - Focus on IPs that share a given SSL certificate serial field. - ssl_subject - Focus on IPs that contain a given string or fulltext pattern within their subject field. - ssl_thumbprint - Focus on IPs sharing a given SSL certificate thumbprint field. - Can use them with the domain entity too
  2. Domain Name - Tips - Cannot use anchors (“^” and

    “&”) with domain_regex modifier - fuzzy_domain is an alternative modifier to use
  3. HTTP Header - Tips - header search modifier to search

    header keys - header_value search modifier to search header values
  4. Read The Official Docs - URL search modifiers - https://support.virustotal.com/hc/en-us/articles/360002832977-URL-search-modifiers

    - Domain search modifiers - https://support.virustotal.com/hc/en-us/articles/360005830378-Domain-search-modifiers - IP address search modifiers - https://support.virustotal.com/hc/en-us/articles/360005866297-IP-address-search-modifiers - Etc.
  5. Dig The Official Docs - Also I recommend to read

    the official API docs - URLs: https://developers.virustotal.com/reference/url-object - Domains: https://developers.virustotal.com/reference/domains-1 - IP addresses: https://developers.virustotal.com/reference/ip-object - Because they have hidden gem(s)