Upgrade to Pro — share decks privately, control downloads, hide ads and more …

(Shallow) Dive Into Network Entities

ninoseki
September 03, 2023
0
180

(Shallow) Dive Into Network Entities

2023-09-01 #vtuserjp

ninoseki

September 03, 2023
Tweet

More Decks by ninoseki

See All by ninoseki
AVTokyo 2020 Phishing Kit Analysis Workshop
ninoseki
2
1.2k
Botconf 2019 OSINT 101
ninoseki
2
620

Featured

See All Featured
It's Worth the Effort
3n
180
27k
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
228
16k
What’s in a name? Adding method to the madness
productmarketing
PRO
17
2.7k
The Pragmatic Product Professional
lauravandoore
26
5.8k
Gamification - CAS2011
davidbonilla
77
4.6k
Scaling GitHub
holman
457
140k
Why You Should Never Use an ORM
jnunemaker
PRO
51
8.6k
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
323
20k
Done Done
chrislema
178
15k
Large-scale JavaScript Application Architecture
addyosmani
504
110k
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
marktimemedia
20
1.7k
What's new in Ruby 2.0
geeforr
337
31k

Transcript

  1. (Shallow) Dive Into Network Entities @ninoseki

  2. None

  3. Entities in VTI -

  4. Entities in VTI

  5. SSL Certificate

  6. SSL Certificate

  7. SSL Certificate

  8. SSL Certificate - Shodan & Censys

  9. SSL Certificate - VT

  10. SSL Certificate - VT

  11. SSL Certificate - VT

  12. SSL Certificate - Tips - SSL search modifiers - ssl_issuer

    - Focus on IPs that contain a given string or fulltext pattern within their SSL certificate issuer field. - ssl_serial - Focus on IPs that share a given SSL certificate serial field. - ssl_subject - Focus on IPs that contain a given string or fulltext pattern within their subject field. - ssl_thumbprint - Focus on IPs sharing a given SSL certificate thumbprint field. - Can use them with the domain entity too

  13. Domain Name

  14. Domain Name - DomainTools (https://www.domaintools.com/resources/user-guides/an-introductory-guide-to-flexible-search-with-dnsdb-scout/)

  15. Domain Name - VT

  16. Domain Name - Tips - Cannot use anchors (“^” and

    “&”) with domain_regex modifier - fuzzy_domain is an alternative modifier to use

  17. HTTP Header

  18. HTTP Header - Havoc C2 (https://twitter.com/MichalKoczwara/status/1655994079526649861)

  19. HTTP Header - Censys

  20. HTTP Header - VT

  21. HTTP Header - Tips - header search modifier to search

    header keys - header_value search modifier to search header values

  22. How to Dive Deep Into VT

  23. Read The Official Docs - URL search modifiers - https://support.virustotal.com/hc/en-us/articles/360002832977-URL-search-modifiers

    - Domain search modifiers - https://support.virustotal.com/hc/en-us/articles/360005830378-Domain-search-modifiers - IP address search modifiers - https://support.virustotal.com/hc/en-us/articles/360005866297-IP-address-search-modifiers - Etc.

  24. Dig The Official Docs - Also I recommend to read

    the official API docs - URLs: https://developers.virustotal.com/reference/url-object - Domains: https://developers.virustotal.com/reference/domains-1 - IP addresses: https://developers.virustotal.com/reference/ip-object - Because they have hidden gem(s)

  25. Dig The Official Docs

  26. Dig The Official Docs

  27. Wrap-Up

  28. Wrap-Up - VT has almost equivalent search capabilities to Shodan/Censys/DomainTools

    - I’d not say they have 100% compatibility but.

  29. Wrap-Up - Read the docs & dig them deeper