Upgrade to Pro — share decks privately, control downloads, hide ads and more …

(Shallow) Dive Into Network Entities

ninoseki
September 03, 2023
0
250

(Shallow) Dive Into Network Entities

2023-09-01 #vtuserjp

ninoseki

September 03, 2023
Tweet

More Decks by ninoseki

See All by ninoseki
AVTokyo 2020 Phishing Kit Analysis Workshop
ninoseki
2
1.3k
Botconf 2019 OSINT 101
ninoseki
2
620

Featured

See All Featured
Code Reviewing Like a Champion
maltzj
520
39k
Rebuilding a faster, lazier Slack
samanthasiow
79
8.7k
ReactJS: Keep Simple. Everything can be a component!
pedronauck
665
120k
A designer walks into a library…
pauljervisheath
203
24k
Code Review Best Practice
trishagee
64
17k
Fireside Chat
paigeccino
34
3k
Build The Right Thing And Hit Your Dates
maggiecrowley
33
2.4k
Agile that works and the tools we love
rasmusluckow
327
21k
Why Our Code Smells
bkeepers
PRO
334
57k
What's in a price? How to price your products and services
michaelherold
243
12k
A better future with KSS
kneath
238
17k
The Cost Of JavaScript in 2023
addyosmani
45
6.7k

Transcript

  1. (Shallow) Dive Into Network Entities @ninoseki

  2. None

  3. Entities in VTI -

  4. Entities in VTI

  5. SSL Certificate

  6. SSL Certificate

  7. SSL Certificate

  8. SSL Certificate - Shodan & Censys

  9. SSL Certificate - VT

  10. SSL Certificate - VT

  11. SSL Certificate - VT

  12. SSL Certificate - Tips - SSL search modifiers - ssl_issuer

    - Focus on IPs that contain a given string or fulltext pattern within their SSL certificate issuer field. - ssl_serial - Focus on IPs that share a given SSL certificate serial field. - ssl_subject - Focus on IPs that contain a given string or fulltext pattern within their subject field. - ssl_thumbprint - Focus on IPs sharing a given SSL certificate thumbprint field. - Can use them with the domain entity too

  13. Domain Name

  14. Domain Name - DomainTools (https://www.domaintools.com/resources/user-guides/an-introductory-guide-to-flexible-search-with-dnsdb-scout/)

  15. Domain Name - VT

  16. Domain Name - Tips - Cannot use anchors (“^” and

    “&”) with domain_regex modifier - fuzzy_domain is an alternative modifier to use

  17. HTTP Header

  18. HTTP Header - Havoc C2 (https://twitter.com/MichalKoczwara/status/1655994079526649861)

  19. HTTP Header - Censys

  20. HTTP Header - VT

  21. HTTP Header - Tips - header search modifier to search

    header keys - header_value search modifier to search header values

  22. How to Dive Deep Into VT

  23. Read The Official Docs - URL search modifiers - https://support.virustotal.com/hc/en-us/articles/360002832977-URL-search-modifiers

    - Domain search modifiers - https://support.virustotal.com/hc/en-us/articles/360005830378-Domain-search-modifiers - IP address search modifiers - https://support.virustotal.com/hc/en-us/articles/360005866297-IP-address-search-modifiers - Etc.

  24. Dig The Official Docs - Also I recommend to read

    the official API docs - URLs: https://developers.virustotal.com/reference/url-object - Domains: https://developers.virustotal.com/reference/domains-1 - IP addresses: https://developers.virustotal.com/reference/ip-object - Because they have hidden gem(s)

  25. Dig The Official Docs

  26. Dig The Official Docs

  27. Wrap-Up

  28. Wrap-Up - VT has almost equivalent search capabilities to Shodan/Censys/DomainTools

    - I’d not say they have 100% compatibility but.

  29. Wrap-Up - Read the docs & dig them deeper