Saw this guys live yesterday. They were amazing.

If I’m being honest, the most useful skill for hacking is learning to do research. And since Google’s search is going to shit, allow me to detail some of the methods I use to do OSINT and general research.

Google dorking is the use of advanced syntax to make incredibly fine-grained searches, potentially exposing information that wasn’t supposed to be on the internet:

Some of my go-to filters are as follows:

“Query” searches for documents that have at least one field containing the exact string.

site: allows for a specific site to be searched. See also inurl and intitle.

type: specifies the tor of resource to look for. Common examples are log files, PDFs, and the sitemap.xml file.

Metasearch engines (such as SearxNG) permit you to access results from several web-crawlers at once, including some for specialized databases. There are several public instances available, as well as some that work over tor, but you can also self-host your own.

IVRE is a self-hosted tool that allows you to create a database of host scans (when I say self-hosted, I mean that you can run this in a docker container on your laptop). This can be useful for finding things that search engines don’t show you, like how two servers are related, where a website lives, etc. I’ve used this tool before, in my investigation into the Canary Mission and its backers.

Spiderfoot is like IVRE, but for social networks. It is also a self-hosted database. I have also used this in the Canary Mission investigation.

Some miscellaneous websites/web tools I use:

SecurityTrails: look up DNS history for a domain

BugMeNot: shared logins for when creating an account is not in your best interest.

Shodan/Censys: you have to make an account for these, so I don’t usually recommend them.

OSINT framework: another useful index of tools for information gathering.

Shreyas Karle. Candle and incense stick holder. 2021. Terracotta. 10 x 15 x 3 cm. @ Greynoise.

Summary

🌐 What is Internet-Wide Scan Traffic?

Andrew Morris discusses "internet background noise," a term for omnidirectional scan traffic caused by tools like Shodan, Censys, and malicious botnets.

Internet-wide scanning sends queries to all IPv4 addresses to identify open ports, protocols, or vulnerabilities.

🔍 Identifying Anomalies:

GreyNoise collects and analyzes scan traffic to differentiate between benign scans and targeted malicious activity.

The process involves detecting anomalies—unexpected upticks in scanning patterns—and correlating them to newsworthy events, such as new vulnerabilities or exploits.

🛠️ Technical Approach:

Data is collected using nodes in diverse networks, from residential IP spaces to cloud providers, to avoid biases.

SQL queries and statistical methods calculate rolling averages of IP scan activity and identify spikes.

Challenges include managing large data volumes, avoiding collection biases, and addressing false positives.

🎯 Insights and Real-World Cases:

GreyNoise has identified patterns in mass scanning after vulnerabilities like Heartbleed or Log4Shell were disclosed.

Early scans often come from security researchers, with malicious actors exploiting vulnerabilities weeks or months later.

System Two Security Secures $7M to Outpace Generative AI Driven Cyber Threats

New Post has been published on https://thedigitalinsider.com/system-two-security-secures-7m-to-outpace-generative-ai-driven-cyber-threats/

System Two Security Secures $7M to Outpace Generative AI Driven Cyber Threats

System Two Security, a cutting-edge cybersecurity startup, has announced a $7 million funding round led by Costanoa Ventures. Runtime Ventures, The Hive, Webb Investment Network, and prominent tech veterans, including Scott McNealy (former CEO of Sun Microsystems), Frederic Kerrest (Co-Founder of Okta), and Ash Devata (CEO of GreyNoise), also participated in the round. The funding marks a significant milestone in System Two’s mission to help security teams combat the rising tide of GenAI-powered cyberattacks with their own GenAI-enhanced solutions.

Meeting the Generative AI Challenge

The cybersecurity landscape is undergoing a seismic shift with the widespread adoption of generative AI (GenAI) in cybersecurity attack.

GenAI  is being used by cyber attackers to make their attacks faster, smarter, and harder to detect by exploiting vulnerabilities in creative and automated ways. Attackers can generate code to bypass security measures, automate brute-force attacks on passwords, or manipulate AI models used in defenses to behave unpredictably.

GenAI tools can also simulate attack scenarios, helping hackers identify weak points in systems, and create malware that adapts in real-time to avoid detection. This capability allows attackers to breach systems more efficiently and launch sophisticated attacks with minimal effort.

System Two Security is tackling this challenge head-on. By leveraging purpose-built GenAI models and agents designed specifically for detection engineering, the company transforms threat detection from a manual, time-intensive process into an adaptive and automatic system. Early design partners have seen up to 10x faster detection of new threats, including sophisticated attacks like LLMJacking.

“Our vision is simple: to ensure that defenders can outpace attackers by turning AI into a force multiplier for security teams,” said Robert Fly, CEO of System Two Security. “The bad guys have new weapons, and it’s time for the good guys to match their speed and adaptability.”

System Two’s groundbreaking technology focuses on:

AI-Native Detection Models: Unlike traditional tools patched with AI enhancements, System Two’s solutions are built from the ground up to fully exploit GenAI capabilities.

Automatic Detection Creation: The platform’s AI agents draft new detections in minutes, filling gaps in security coverage and adapting to new threats with remarkable speed and precision.

Cross-System Compatibility: System Two integrates seamlessly with major enterprise security platforms, including Splunk, Microsoft Sentinel, and CrowdStrike’s Next-Gen SIEM.

Empowering Detection Engineers: By automating repetitive tasks and streamlining complex processes, the platform frees engineers to focus on high-value activities.

The company’s unique approach combines threat actor behavior graphs, enterprise context embeddings, and specialized large language models (LLMs) to predict and identify emerging threats with zero-shot accuracy. This reimagining of LLM technology for cybersecurity sets System Two apart from other solutions.

Driving the Future of the Security Operations Center (SOC)

System Two’s commitment to SOC transformation is rooted in a philosophy of empowerment rather than replacement. The platform’s generative AI agents augment human expertise, enabling security teams to:

Identify and address coverage gaps efficiently.

Transition detection rules between systems without vendor lock-in.

Anticipate novel attack sequences through predictive modeling.

“System Two isn’t just another vendor promising a black-box solution,” said Fly. “We’re partners in helping teams navigate the complexities of today’s threat landscape with tools that make their jobs easier and their defenses stronger.”

A Visionary Team with Deep Expertise

Founded in 2023 by industry veterans CEO Robert Fly and CTO Prasanth Ganesan, System Two brings decades of experience in security innovation. Fly, a serial entrepreneur and former CEO of Elevate Security, and Ganesan, a technical leader with expertise in SIEM, XDR, EDR, and AI, have built a company dedicated to transforming how organizations approach cybersecurity.

The company’s name, inspired by Daniel Kahneman’s behavioral science framework in Thinking, Fast and Slow, reflects its deliberate and logical approach to solving complex cybersecurity challenges. This ethos is embodied in System Two’s AI-driven solutions that empower detection engineers to achieve more with less.

Scaling for Impact

With the $7 million funding, System Two plans to expand its team and accelerate product development. The company is actively seeking design partners to refine its technology and deliver even greater value to security teams. Companies interested in participating can contact System Two at [email protected].

Redefining Security with Generative AI

System Two’s approach represents a new way to fight cybercrime. By turning GenAI from a threat into an advantage, the company empowers organizations to stay ahead of attackers in a rapidly evolving landscape.

“We’re thrilled to back a team with the expertise and vision to lead this transformation,” said John Cowgill, General Partner at Costanoa Ventures. “System Two is poised to redefine detection engineering and deliver the tools defenders need to succeed.”

Ivanti は、2 つのゼロデイ脆弱性を悪用した継続的な攻撃に対して脆弱なままになるため、緩和策を適用した後に新しいデバイス構成をアプライアンスにプッシュするのをやめるよう管理者に警告しました。 同社は追加の詳細は明らかにしなかったが、これは構成をプッシュする際の既知の競合状態が原因で発生し、Webサービスが停止し、適用された緩和策が機能しなくなることが原因であると述べた。 「顧客はXMLを導入したアプライアンスへの構成のプッシュを中止し、アプライアンスにパッチが適用されるまで構成のプッシュを再開すべきではない」と Ivanti氏は土曜日に公開された新しいアップデートの中で、 述べた。 「構成がアプライアンスにプッシュされると、一部の主要な Web サービスの機能が停止し、緩和策の機能も停止します。これは、Pulse One または nSA を介した構成のプッシュを含め、構成をアプライアンスにプッシュする顧客にのみ適用されます。これは関係なく発生する可能性があります。」完全または部分的な構成プッシュの。」 Ivanti 社は、緩和策 XML を再適用すると緩和策が機能しなくなるかどうかをまだ明らかにしていませんが、新しい構成がアプライアンスにプッシュされるたびに競合状態が発生することを考えると、これはおそらくそうなると思われます。 この警告は、CISAが2024年最初の緊急指令を発行し、 複数の脅威アクターによる広範な攻撃で悪用されたIvanti Connect SecureとPolicy Secureの2つのゼロデイ欠陥に対する緩和策をただちに適用するよう米国政府機関に命じた後に発表された 。 Ivanti ICS および IPS アプライアンスは、 大規模な攻撃の標的と CVE-2023-46805 認証バイパスと CVE-2024-21887 コマンド インジェクション バグを連鎖させた 少なくとも 12 月以降、 なっています。 2 つのゼロデイが連鎖すると、攻撃者は侵害されたネットワーク内を横方向に移動し、データを収集して窃取し、バックドアを展開して侵害されたデバイスへの永続的なシステム アクセスを確立することができます。 同社はまだセキュリティパッチをリリースしていないが、 管理 攻撃の試みをブロックする緩和策と、 者が影響を受けたアプライアンスを復元してサービスを再開できるように設計された回復手順を リリースしている。 数千台のアプライアンスがオンラインに公開され、数百台がすでにハッキングされている 脅威監視プラットフォーム Shadowserver は現在、 インターネットに公開されている 21,400 台を超える ICS VPN アプライアンスを 追跡しており、 6,300 台を超えています 米国では (Shodan では、オンラインで公開されている18,500 台を超える Ivanti ICS デバイスも確認しています)。 、Shadowserver は、 また 世界中で毎日侵害されている Ivanti Connect Secure VPN インスタンスの数を監視しており、 700 を超える侵害されたアプライアンスが発見されています。 1 月 21 日だけで インターネットに公開された Ivanti アプライアンス (Shodan) 脅威インテリジェンス企業の Volexity は 、2 つのゼロデイを積極的に悪用している攻撃者の 1 つ (UTA0178 として追跡され、Mandiant によって UNC5221 として監視されている中国国家支援の疑いのある脅威グループ) が、すでに GIFTEDVISITOR WebShell 亜種を使用して 2,100 台を超える Ivanti アプライアンスにバックドアを仕掛けたと発表しました。 。 によると、攻撃者はまた、XMRig 暗号通貨マイナーと Rust ベースのマルウェア ペイロードを侵害されたデバイスに展開しました Volexity と GreyNoise 。

Ivanti: 軽減策後に設定をプッシュすると VPN アプライアンスに脆弱性が生じる

ThreatBlockr integrates with GreyNoise to guard against false positives

http://i.securitythinkingcap.com/SnmPB9

GreyNoise Attracts Major Investor Interest

GreyNoise Attracts Major Investor Interest

Home › Endpoint Security GreyNoise Attracts Major Investor Interest By Ryan Naraine on June 15, 2022 Tweet GreyNoise Intelligence, a startup competing in the crowded threat-intelligence space, has deposited $15 million in a new round of venture capital funding led by Radian Capital. The $15 million Series A, which was led by Radian Capital, comes less than a year after GreyNoise banked a $5…

View On WordPress

Grey Noise 

The grey noise has lots of power at the top and bottom end of the frequency spectrum and a slight dip around the mid frequencies, which gives a three-dimensional texture to the sound, it is calibrated to sound more balanced to the human ear. 

It is likely to be used in some new technologies to attain a particular sort of sound efficiently distributed over the entire sound spectrum, at lower decibel levels. 

Researchers are using Grey noise to study hearing difficulties, as it allows to assess how a specific person's hearing varies from the average.

GreyNoise announces $4.8M seed investment to filter harmless security alerts

GreyNoise announces $4.8M seed investment to filter harmless security alerts

Security professionals are constantly dealing with an onslaught of information as their various tools trigger alerts, some of which require their attention and some which don’t. Unfortunately, it requires addressing the alert to find that out. GreyNoise wants to help by filtering out benign security alerts, leaving security pros to deal with the ones that matter.

Today, the company announced a…

View On WordPress

The rise of Empiershipping / whitenoise shipping has given me hope that one day we will get a mix between blankshipping and that going. Blanknoise shipping? Greynoise shipping? Honestly, I don't even care, I am just amusing myself with the image of Piers waking up after a wild night out in a different town and looking to his left to see a fast asleep gray haired guy... Looking to his right to see the same fucking guy still fast asleep and smiling and then groaning and holding his head because the hangover is hitting him full force.

I'm aint gonna lie, but I've been hoping to someday see a scene like the following, except with Piers....or Volo or Melli or Elesa. Somebody getting both of them at the same time. -Haven't seen too much of that yet.

Art credit to: 지젤@Deluxe_Giselle Twitter.

[Media] KENZER

KENZER Automated web assets enumeration & scanning. ▫️ Subdomain Enumeration using Subfinder, Amass, CerteX, TLSX, DNSX, NXScan, & ShuffleDNS ▫️ Port Enumeration using NXScan (Shodan, Netlas, Naabu & Nmap) ▫️ Web Enumeration using HttpX, Favinizer, Domlock, Gau, GoSpider, URLhunter & Waymore ▫️ Web Vulnerability Scanning using Jaeles, Wapiti, ZAP, Nuclei, Rescro & DalFox ▫️ Backup Files Scanning using Fuzzuli ▫️ Git Repository Enumeration & Scanning using RepoHunt & Trufflehog ▫️ Web Screenshot Identification using Shottie & Perceptic ▫️ WAF Detection & Avoidance using WafW00f & Nuclei ▫️ Reputation Scoring using DomREP (GreyNoise, URLHaus, PhishTank) ▫️ Every task can be distributed over multiple machines https://github.com/ARPSyndicate/kenzer

YouTubeARPSyndicate | Kenzer | Automated web assets enumeration & scanningKenzer (https://github.com/ARPSyndicate/kenzer) is a tool that aims to automate the workflow of web assets enumeration & scanning. This video demonstrates its basic usage & there are dozen of other things that could be done with it.

Hey, I'm new here . #traditionalart #sketch #draw #l #fantasy #deathnote #serpent #war #peace #greynoise

Summary

🌐 Introduction to GreyNoise:

Aaron DeVera shares their use of GreyNoise as a critical part of their cybersecurity and threat intelligence workflows.

GreyNoise helps classify benign, malicious, and unknown internet traffic, providing actionable insights for detecting and mitigating threats.

🛠️ Key Applications of GreyNoise:

Threat Detection: Used to identify malicious traffic targeting websites or blogs, including DDoS attempts and frequent automated bot visits.

Data Enrichment: Integrates with services like Kafka, Snowflake, and IPInfo to augment collected telemetry data with GreyNoise's classifications.

Decision-Making in Security: GreyNoise classifications are combined with other intelligence feeds to prioritize responses and refine confidence intervals.

🔧 Technical Workflow:

DeVera demonstrates building an analytics engine integrated with GreyNoise and open-source tools like Kafka.

Discusses using serverless architecture and asynchronous processing to minimize latency while enhancing real-time threat analysis.

🎯 Challenges and Insights:

Highlights the importance of blending multiple intelligence sources to improve detection accuracy.

Offers practical examples, such as distinguishing between benign corporate VPN traffic and malicious proxies.

Algunas sugerencias (personales) para #arcomadrid2018 en @glamourspain cc @sabrinaamrani - #artweek #madrid Gracias al equipo de #GlamourSpain y al #reinasofiamuseum para una sesión muy agradable y @gemahospido por la entrevista // #thegomagallery #guillermodeosmagallery #galeriarph #galeriaalegria #fernandezbraso #parra&romero #adngaleria #espaitactel #projectesd #hauser&wirth #morcharpentiergallery #peterkilchmanngallery #greynoise #gregorpodnar #marso