
Cool Query of the Week for October 16, 2024: Tracking recently-added certificates on spoofed domains

  • October 16, 2024

MattK_Censys

Howdy! This week I’m sharing a query that targets certificates. Use this to find certs that were added to the Censys dataset within the past week that are being used on spoofed domains that could indicate suspicious behavior. Combine this with known malicious domains to stay ahead of potential risks.

In this example, I used dnstwister to find suspect domains that might be impersonating censys.com. You could use regex instead to match patterns.

(densys.com or xensys.com or ce.nsys.com) and added_at:[now-1w to now]

This is part of a regular series of posts in which we’ll highlight useful, interesting, and otherwise cool queries for use with Censys Search and ASM. If you have any questions, similar queries, or custom versions of this week’s highlight, let us know!
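An added example, not part of the original post and not code from dnstwister or Censys: a small Python sketch that generates two kinds of lookalike names for a domain you own (adjacent-key replacement and dot insertion, the two patterns visible in the query above) and joins them into the same query shape. The function names and the partial keyboard map are assumptions made for this illustration.

```python
import re

# Partial QWERTY adjacency map, constructed for this example
# (an assumption, not dnstwister's own table).
ADJACENT = {"c": "xdfv", "e": "wsdr", "n": "bhjm", "s": "awedxz", "y": "tghu"}
LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


def lookalikes(domain):
    """Return sorted lookalike candidates for `domain` given as name.tld."""
    name, _, tld = domain.lower().partition(".")
    out = set()
    for i, ch in enumerate(name):
        # Adjacent-key replacement: censys -> densys, xensys, ...
        for sub in ADJACENT.get(ch, ""):
            out.add(f"{name[:i]}{sub}{name[i + 1:]}.{tld}")
        # Dot insertion: censys -> ce.nsys, a host under someone else's zone.
        if i > 0:
            out.add(f"{name[:i]}.{name[i:]}.{tld}")
    out.discard(domain.lower())
    return sorted(out)


def build_query(domains, weeks=1):
    """Join candidate hostnames into the query shape shown in the post."""
    if not isinstance(weeks, int) or weeks < 1:
        raise ValueError(f"weeks must be a positive integer: {weeks!r}")
    clean = []
    for d in domains:
        labels = d.lower().strip().split(".")
        # Accept plain hostnames only, so a stray parenthesis or operator
        # in the input list cannot change what the query matches.
        if len(labels) < 2 or not all(LABEL.fullmatch(l) for l in labels):
            raise ValueError(f"not a hostname: {d!r}")
        clean.append(".".join(labels))
    if not clean:
        raise ValueError("no domains given")
    return f"({' or '.join(clean)}) and added_at:[now-{weeks}w to now]"


if __name__ == "__main__":
    candidates = lookalikes("censys.com")
    print(len(candidates), "candidates")
    print(build_query(["densys.com", "xensys.com", "ce.nsys.com"]))
```

The generated list is broad, so trim it to names that actually resolve or are registered before building the query.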
