DnsTwist Tool – Proactive Approach for Handling Phishing Cases

DnsTwist is a tool for discovering potentially malicious domains that target your organization. It helps incident responders and SOC analysts spend less time on incident investigation, response and reporting.

How It Works

DnsTwist runs permutation scans to find the many phishing domains that try to mimic or impersonate your brand. It detects typosquatting domains and doppelganger domains. Once a scan completes, the list of domains similar to your brand is shown in the results window. The results contain the newly registered domains, IP addresses, name servers and email servers.

Typosquatting domains

A technique of registering a domain similar to the original domain, e.g., g00gle.com

Doppelganger domains

A domain with a missing dot ".", e.g., mailg00gle.com

Getting Started

Try visiting the DNStwist online tool here

Run a permutation scan on DnsTwist for the list of your customers' brands and vendors.

Export the list of phishing domains, IP addresses, name servers and mail servers.

Export the suspicious domains in CSV or JSON format. Exclude your customers' and vendors' legitimate domains from the downloaded CSV or JSON files.

Create a watch list in your SIEM to monitor these domains, IP addresses, name servers and mail servers. Act on the CSV lists with your security controls: either block, or detect and block.
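The export, exclusion and watch-list steps above can be scripted. The following is an added example, not part of the original post or the DnsTwist project: it filters a JSON export against an allowlist of legitimate domains and emits type,value rows for SIEM import. The JSON field names, the allowlisted domains and the sample records are constructed assumptions.

```python
import csv, io, json

# Constructed sample export. The field names (domain, dns_a, dns_aaaa, dns_ns,
# dns_mx) are an assumed layout; rename them to match your own export file.
SAMPLE_EXPORT = json.dumps([
    {"domain": "example.com", "dns_a": ["192.0.2.10"],
     "dns_ns": ["ns1.example.com"], "dns_mx": ["mail.example.com"]},
    {"domain": "examp1e.com", "dns_a": ["198.51.100.7"],
     "dns_ns": ["ns1.parking.test"], "dns_mx": ["mx.examp1e.com"]},
    {"domain": "exmple.com", "dns_a": ["198.51.100.7"],
     "dns_ns": ["NS1.parking.test."], "dns_mx": ["mail.example.com"]},
    {"domain": "examplee.com"},  # permutation with no DNS records
    {"domain": "shop.example-vendor.com", "dns_a": ["192.0.2.20"]},
])

def norm(name):
    """Lower-case a host name and drop the trailing root dot."""
    return name.strip().rstrip(".").lower()

def is_allowlisted(host, allowlist):
    """True if host is a legitimate domain or a subdomain of one."""
    h = norm(host)
    return any(h == a or h.endswith("." + a) for a in map(norm, allowlist))

def build_watchlist(export_json, allowlist):
    """Return de-duplicated indicators grouped by type for a SIEM watch list."""
    watch = {"domain": set(), "ip": set(), "ns": set(), "mx": set()}
    for row in json.loads(export_json):
        domain = norm(row.get("domain", ""))
        if not domain or is_allowlisted(domain, allowlist):
            continue  # customer/vendor domains never go on the list
        ips = row.get("dns_a", []) + row.get("dns_aaaa", [])
        ns, mx = row.get("dns_ns", []), row.get("dns_mx", [])
        if not (ips or ns or mx):
            continue  # nothing resolves yet, so nothing to watch
        watch["domain"].add(domain)
        watch["ip"].update(ips)
        # A lookalike can point NS/MX at legitimate hosts; keep those out too.
        watch["ns"].update(norm(h) for h in ns if not is_allowlisted(h, allowlist))
        watch["mx"].update(norm(h) for h in mx if not is_allowlisted(h, allowlist))
    return watch

def to_csv(watch):
    """Serialise the watch list as type,value rows for SIEM import."""
    buf = io.StringIO()
    writer = csv.writer(buf)
    writer.writerow(["type", "value"])
    for kind in ("domain", "ip", "ns", "mx"):
        writer.writerows([kind, v] for v in sorted(watch[kind]))
    return buf.getvalue()
```

Filtering the name-server and mail-server columns against the same allowlist matters when the list feeds a blocking control, because a lookalike domain can reference your own or a vendor's mail host.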

In addition, use Dnstwister Reporter; it gives you Whois lookups, Google Safe Browsing and parked-domain lookups for the suspicious domains.

[Screenshot: Fake Microsoft Domains, Analysis Phase]

Sign up on DNSTwist Reporter for alerts on the registration of possible phishing domains similar to your brand.

Happy hunting!
