Upgrade to Pro — share decks privately, control downloads, hide ads and more …

(Shallow) Dive Into Network Entities

Avatar for ninoseki ninoseki
September 03, 2023
440
0

(Shallow) Dive Into Network Entities

2023-09-01 #vtuserjp

Avatar for ninoseki

ninoseki

September 03, 2023

More Decks by ninoseki

See All by ninoseki
AVTokyo 2020 Phishing Kit Analysis Workshop
Avatar for ninoseki ninoseki
2
1.5k
Botconf 2019 OSINT 101
Avatar for ninoseki ninoseki
2
680

Featured

See All Featured
Faster Mobile Websites
Avatar for Dean Hume deanohume
310
31k
コードの90%をAIが書く世界で何が待っているのか / What awaits us in a world where 90% of the code is written by AI
Avatar for r-kagaya rkaga
62
44k
Designing for Timeless Needs
Avatar for Cassini Nazir cassininazir
1
250
Claude Code のすすめ
Avatar for schroneko schroneko
67
230k
Easily Structure & Communicate Ideas using Wireframe
Avatar for Afnizar Nur Ghifari afnizarnur
194
17k
GraphQLとの向き合い方2022年版
Avatar for Yosuke Kurami quramy
50
15k
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
Avatar for Eileen M. Uchitelle eileencodes
38
2.9k
Kristin Tynski - Automating Marketing Tasks With AI
Avatar for Tech SEO Connect techseoconnect
PRO
0
270
Utilizing Notion as your number one productivity tool
Avatar for Mfonobong Umondia mfonobong
4
320
First, design no harm
Avatar for Per Axbom axbom
PRO
2
1.2k
Tell your own story through comics
Avatar for letsgokoyo letsgokoyo
1
950
A better future with KSS
Avatar for Kyle Neath kneath
240
18k

Transcript

  1. (Shallow) Dive Into Network Entities @ninoseki

  2. None

  3. Entities in VTI -

  4. Entities in VTI

  5. SSL Certificate

  6. SSL Certificate

  7. SSL Certificate

  8. SSL Certificate - Shodan & Censys

  9. SSL Certificate - VT

  10. SSL Certificate - VT

  11. SSL Certificate - VT

  12. SSL Certificate - Tips - SSL search modifiers - ssl_issuer

    - Focus on IPs that contain a given string or fulltext pattern within their SSL certificate issuer field. - ssl_serial - Focus on IPs that share a given SSL certificate serial field. - ssl_subject - Focus on IPs that contain a given string or fulltext pattern within their subject field. - ssl_thumbprint - Focus on IPs sharing a given SSL certificate thumbprint field. - Can use them with the domain entity too

  13. Domain Name

  14. Domain Name - DomainTools (https://www.domaintools.com/resources/user-guides/an-introductory-guide-to-flexible-search-with-dnsdb-scout/)

  15. Domain Name - VT

  16. Domain Name - Tips - Cannot use anchors (“^” and

    “&”) with domain_regex modifier - fuzzy_domain is an alternative modifier to use

  17. HTTP Header

  18. HTTP Header - Havoc C2 (https://twitter.com/MichalKoczwara/status/1655994079526649861)

  19. HTTP Header - Censys

  20. HTTP Header - VT

  21. HTTP Header - Tips - header search modifier to search

    header keys - header_value search modifier to search header values

  22. How to Dive Deep Into VT

  23. Read The Official Docs - URL search modifiers - https://support.virustotal.com/hc/en-us/articles/360002832977-URL-search-modifiers

    - Domain search modifiers - https://support.virustotal.com/hc/en-us/articles/360005830378-Domain-search-modifiers - IP address search modifiers - https://support.virustotal.com/hc/en-us/articles/360005866297-IP-address-search-modifiers - Etc.

  24. Dig The Official Docs - Also I recommend to read

    the official API docs - URLs: https://developers.virustotal.com/reference/url-object - Domains: https://developers.virustotal.com/reference/domains-1 - IP addresses: https://developers.virustotal.com/reference/ip-object - Because they have hidden gem(s)

  25. Dig The Official Docs

  26. Dig The Official Docs

  27. Wrap-Up

  28. Wrap-Up - VT has almost equivalent search capabilities to Shodan/Censys/DomainTools

    - I’d not say they have 100% compatibility but.

  29. Wrap-Up - Read the docs & dig them deeper