Silent Push

NEW VIDEO 📽️ Director of Sales Engineering Maulik Limbachiya walks through the huge 4.4 release, giving a summary of 'Total View' and highlighting new and improved tools such as Infrastructure Variance and Context Similarity that allow for faster and more powerful pivots. Watch: https://hubs.ly/Q02NnsDD0 You can check out these new features for free with our Community Edition. Sign-up here: https://hubs.ly/Q02Nnp_80 Let us know what you think! #CTI #threatintelligence #silentpush #IOFA #release

Attention Silent Push Community Users 📣 We've introduced a new series of 'Community Corner' webinars dedicated to providing you with Community Edition tips and tricks from our experts and answering your questions about the Silent Push platform. Join our first session with Head of Product Colm Diver on Monday September 9 at 12pm (PT). Register: https://hubs.ly/Q02Nj6Jp0 We'll be discussing the new features from our latest release, and answering any questions you have about the platform. Our team will also run through several use-cases to help you make the most out Community Edition, whether you’re using it for threat hunting, brand impersonation detection or general threat research. See you on Monday 9.9.24! 👋

I'm a huge fan of the new Silent Push 4.4 Release, one of our most substantial updates yet. We have a new "Enrichment" page that has every feature you'll need for pivoting on a domain. I recorded a video showing the *free community version* of our platform so you can still see how powerful it is, even without paying a cent. Some of the features that rock: 1) One single view to quickly pivot through various data about a domain 2) Live screenshot + a new "Screenshot History" (which is perfect for domains that change regularly and you want to find when it changed) 3) Immediate access to our "Web Scanner" data for a domain (with the ability to compare results for quickly seeing similarities / differences between a scan) 4) Our powerful "Context Similarity" tool which uses a vector database to compare your searched domain to other known-threats. This works very well with specific types of phishing threats and can help you identify which threat actor is behind any one malicious site. 5) Subdomain lookup WITH an automatic wildcard search so that you know whether the domain has a wildcard subdomain (any subdomain will resolve) 6) "Infrastructure Variance" provides details about the ASN / IP Diversity / and Name servers, and is very powerful for domains that are using "fast flux" techniques to rapidly change hosting IPs or other aspects of their infrastructure. Haven't tried the Silent Push platform yet? Don't worry, we've got a free Community Edition that you can check out: https://hubs.ly/Q02Nb08p0

RELEASE 4.4 IS HERE... AND IT'S HUGE. ✔️ New 'Total View': Shows extended data relating to any enriched IPv4 address or domain across a wide range of queries and functions, all housed in one easy-to-navigate screen. ✔️ Infrastructure Variance: Enrich any domain to view its ASN Diversity, IP Diversity and NS Changes, helping you to track and preempt shifts in attacker infrastructure. ✔️ Context Similarity: visualize domain similarity and compare enriched attributes of your domain with others on your Silent Push threat intel feeds. Here's some resources to get you started with these new features and tools! 📚 Knowledge Base: https://hubs.ly/Q02Nb8RB0 💻 9.8.24 Community Corner webinar registration: https://hubs.ly/Q02Nb1HB0 Stay tuned for upcoming blogs and helpful content relating to these features! Let us know your thoughts on the release in the comments 👇 ---- Haven't tried the Silent Push platform yet? Don't worry, we've got a free Community Edition that you can check out: https://hubs.ly/Q02Nb08p0 #cybersecurity #threatintelligence #silentpush #IOFA #threathunting

🚨 Our research team recently detected a MASSIVE pool of Indicators of Future Attack (IOFAs) relating to a Chinese APK / IOS malware network. At the time of publication (20.8.24), the malware had 0 hits in VirusTotal. While we can’t publicly divulge the exact pattern used to map this new attacker infrastructure, you might very quickly be able to find it yourself with our free Community Edition 👀 https://hubs.ly/Q02N634w0 Want to chat more about this detection, the Silent Push platform or other threat related topics? Just reach out to [email protected] and we'll be in touch. #malware #threathunting #threatintelligence #CTI

Tomorrow... get ready 🚀

Indicators as composite objects...have you heard of this concept? By treating each indicator as 'being made up of several parts or elements', defenders can: ✔️ Discover contextual information ✔️ Create new data points ✔️ Identify patterns representing TTPs of various actors ✔️ Use additional data as search criteria to find previously unknown infrastructure Track down new attacker infrastructure at record speed by enriching and pivoting on any indicator for yourself with our free Community Edition: https://hubs.ly/Q02MSdrM0 Silent Push uses a powerful first-party scanning engine to instantly contextualize domain, URL and IP information across 110+ unique data fields, including risk level, web content (headers, hash values, on-page data), certificates, geographic location, passive DNS data, and the reputation of associated infrastructure. Out with barren IOC dumps, it's time start treating EVERY indicator as a composite object 😎 #IOC #threatintelligence #cybersecurity #CTI #silentpush #IOFA

NEW BLOG 🚨 Achieving #ISO 27001:2022 Annex A Control 5.7 with Silent Push. Read here: https://hubs.ly/Q02MJ_210 About: ISO 27001:2022 Annex A Control 5.7 provides a framework to help organizations understand their threat landscape and attack surface, enabling them to implement appropriate security measures and mitigate any potential damage caused by a security incident. 🛡️ #ISO27001 #ISOcertified #silentpush #threatintelligence #CTI

I'll be presenting at #mWISE in a few months about the Raspberry Robin threat actors... one of the most interesting threats on the internet! The event is in Denver this year --- here are more details @ https://lnkd.in/gRPEPPBq In case you aren't familiar with this threat, Raspberry Robin methods were first seen in 2019 by Microsoft but not written about publicly until 2022 by Red Canary (their piece @ https://lnkd.in/gutE8C2D is a must-read). RR is a "USB worm" that was globally sourced through infected print and copy shops, but it's not public how those print and copy shops were infected. Infections are now also being spread via their malware being directly served to users via spam and/or malvertising. The simplest way to think about Raspberry Robin is that they are "Initial Access Brokers" who are seemingly selling access to compromised computers. Once an infected USB device was connected to a computer and double clicked, it would begin attempting to deploy additional payloads. A similar process exists for the infections served via online malware delivery flows. These additional malicious payloads are typically served over "Domain Generating Algorithm" (DGA) domains that Silent Push has been tracking. The domains look like 6t[.]nz - very short, algorithmically generated garbage domains. These DGA domains are mapped to IP addresses from compromised QNAP / IOT devices. The threat actors basically use novel unique methods to compromise IOT devices, then created a FastFlux DNS architecture where these compromised IPs quickly rotate as the host for their C2 domains. So if you know the domains RR are using, you can further pivot into compromised QNAP/IOT devices they are using by monitoring for DNS changes on those domains. Pretty cool huh? Silent Push enterprise users can already monitor / block the domains used in Raspberry Robin C2 flows via our existing feed, and we have a TLP;Amber report privately available that provides more details. For everyone else, I look forward to explaining more about these sophisticated threat actors and how defenders could be collaborating to put more pressure on this network -- hopefully someday take it down. You can get more details about the Mandiant (part of Google Cloud) Worldwide Information Security Exchange (mWISE) @ https://lnkd.in/gsjvwQVv // Hope to see you there! 🖖

Hey Silent Push Community! Ever need a hand to run a query, or want more information on what a particular data field means? We've got your back 🤜🤛 Our in-app Resource Center is constantly being updated with new info to help you make the most out of the platform. Here's a quick guide on how to access it and make the most of its functionality. ➡️ https://hubs.ly/Q02M8Mz00 (P.S. Not signed up to our free Community Edition yet? Don't worry... here you go... https://hubs.ly/Q02M8J4s0 🤫)