Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2012-04-18



ISC Feature of the Week: Suspicious Domains

Published: 2012-04-18
Last Updated: 2012-04-18 16:39:18 UTC
by Adam Swanger (Version: 1)

Overview
After some maintenance downtime, the Suspicious Domains lists at https://isc.sans.edu/tools/suspicious_domains.html have been re-launched. This project was developed by handler Jason Lam and is an effort to assemble weighted lists of suspicious domains based on tracking, malware and other sources.

Features

Background - https://isc.sans.edu/tools/suspicious_domains.html#background

  • Project description, sources cited and suggested uses of project data.


Lists By Level - https://isc.sans.edu/tools/suspicious_domains.html#lists
Domain lists linked here are categorized by Low, Medium and High sensitivity.

  • The lower the sensitivity, the fewer false positives.
  • Lists are based on ranges so they will overlap at each level.

Domain Whitelist - https://isc.sans.edu/tools/suspicious_domains.html#whitelist
Links to lists of approved and pending known-good domains. Submissions will be reviewed for approval and the form is limited to the following:

  • 20 submissions per 24-hour period
  • Submit one domain at a time
  • The domain must be on one of the current Lists by Level
  • A whitelisted domain is automatically removed 7 days after it drops off the Lists by Level


Search the Lists - https://isc.sans.edu/tools/suspicious_domains.html#search

  • Search for domain history and details:
    • Enter a domain from one of the Lists by Level to view First Added, Last Seen, Source and Whitelist details.

  • Create a custom domain list file:
    Choose criteria on this form to refine a custom suspicious domain list. Results are displayed in a text box so you can easily select all and copy for use.
    - Limit the score range between 0 and 100 (the higher the score, the more sensitive the domain)
    - Refine domain names by Any, All or Like
    - Occurs a minimum of n times

 

Post suggestions or comments in the section below, or send us any questions or comments via the contact form at https://isc.sans.edu/contact.html#contact-form
--
Adam Swanger, Web Developer (GWEB, GWAPT)
Internet Storm Center https://isc.sans.edu

Keywords: ISC feature

Sysinternals Updates - 2012 Apr 17

Published: 2012-04-18
Last Updated: 2012-04-18 05:37:01 UTC
by Kevin Shortt (Version: 1)


In case you have not seen or heard, some of our readers pointed us to Monday's posting on the Sysinternals Site Discussion panel about a number of updates that are now available.  

The release includes updates to the following:

  • NotMyFault
  • Process Monitor v3.01
  • TestLimit v5.2
  • Webcasts from Mark R.
  • Windows Internals 6th Ed. Part 1


Further details can be found at the following URL:

http://blogs.technet.com/b/sysinternals/archive/2012/04/17/updates-notmyfault-procmon-v-3-01-testlimit-v-5-2-mark-s-webcasts-and-windows-internals-6th-edition-part-1.aspx

Many thanks to our loyal readers Rene and Roseman for keeping us in the loop.

-Kevin
--
ISC Handler on Duty

 

 

Keywords: sysinternals