As you may know, from now on I will be bringing you a new patch for all our tools. I provided the first update in my previous video, which covered BIT, our intel assistant that automates security operations tasks. In this video we'll tackle a new patch for Spyder for the 1st quarter of 2021. I'll give a breakdown of what this patch is all about, we'll discuss the new feature's input command and validation, and we'll perform some usual threat intel tasks using Spyder, our threat intel automation tool.
What's going on guys! We are at it again with another patch of our threat intel application slash automation tool and its new FEATURE!
You may know that Spyder is capable of giving the user information by crawling or mining data from several threat intel sources.
It is a web crawler for cybersecurity! So in this video we'll take it to another level and extend its capability by giving you the best of it.
NightCrawler
IsitDwn
General Threat Assessment of Websites and IPs
Whois Info
Webscreenshot
All these features make up Spyder.
What if I told you that in this patch we'll condense all these features into just one, where all the needed information is gathered from a given website? Among the 5 features, normally 3 are threat info, which is basically what is needed. And these 3 are...
General Threat Assessment of Websites and IPs
IsitDwn
Whois Info
These 3 elements are the basis of threat information gathering whenever you are conducting security research.
Let's get going on what I'm talking about. Let's test some known sites and get some info from them.
The "+"
You want to know more about the site, such as what the website looks like. To proceed with this, let's keep the first 2 arguments of our command, that is
(1) spy and (2) [site needed to be evaluated]
The third argument is 'plus' or '+'
and the fourth argument would be the added feature like:
SC - if you want to take a screenshot of the site
NC - get all the links from the site
I. spy [website.com] + SC
The screenshot result in .png
II. spy [website.com] plus NC
We got it 'all' for you!
If you want to get all the information from the website, that would include
NightCrawler
IsitDwn
General Threat Assessment of Websites and IPs
Whois Info
Webscreenshot
Yep all of those!
You just need to add the word 'all' in the 3rd argument
1st argument - spy
2nd argument - website.com
3rd argument - all
spy amazon.com all
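One way to validate the command forms described above before anything is crawled, as an added example in Python (not Spyder's own code). The function names, the choice to run the three threat-info checks for a bare "spy [site]", and the rule that '+' or 'plus' adds one feature on top of them are assumptions of this example.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Feature names come from the post; grouping them like this is an assumption.
BASE = ["General Threat Assessment of Websites and IPs", "IsitDwn", "Whois Info"]
EXTRA = {"SC": "Webscreenshot", "NC": "NightCrawler"}
LABELS = re.compile(r"([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}")
USAGE = "usage: spy <site> [all | +|plus SC|NC]"


def validate_target(raw):
    """Return the host of a bare domain, an IP address or an http(s) URL."""
    raw = raw.strip("[]")  # the post writes the placeholder as [website.com]
    parts = urlsplit(raw if "://" in raw else "//" + raw)
    if parts.scheme not in ("", "http", "https"):
        raise ValueError("only http and https targets are accepted")
    host = (parts.hostname or "").lower()
    try:
        return str(ipaddress.ip_address(host))
    except ValueError:
        pass  # not an IP literal, so it must be a well-formed domain name
    if len(host) > 253 or not LABELS.fullmatch(host):
        raise ValueError("target is not a valid domain, IP or URL")
    return host


def parse_spy(line):
    """Validate one command line and return (host, features to run)."""
    args = line.split()
    if len(args) < 2 or args[0].lower() != "spy":
        raise ValueError(USAGE)
    host = validate_target(args[1])
    rest = args[2:]
    if not rest:  # assumption: the bare command runs the three threat-info checks
        return host, list(BASE)
    if len(rest) == 1 and rest[0].lower() == "all":
        return host, BASE + list(EXTRA.values())
    if len(rest) == 2 and rest[0].lower() in ("+", "plus"):
        feature = EXTRA.get(rest[1].upper())
        if feature:
            return host, BASE + [feature]
    raise ValueError(USAGE)


if __name__ == "__main__":
    for cmd in ("spy amazon.com all", "spy [website.com] + SC"):  # constructed input
        print(cmd, "->", parse_spy(cmd))
```

Anything that is not a well-formed domain, IP address or http(s) URL is rejected before it reaches a whois lookup, crawler or screenshot step.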
THREAT HUNT USING SPY
spy https://banking-managepayee.com/Login.php all - threat hunt a phishing site
The site is a 100% valid phish and that's all the info we can get from this. No screenshot from the site as well...
Look at that, this phishing URL is already on its HIGH mark. 15 detections. The domain was registered as banking-managepayee.com, which we'll dig more into later. Country is Panama.
The site looks like...
The screenshot result below is interesting....
We get all the links from this phishing site. That's when I got the real banking website and where the mockery came from.
The real lloydsbank.co.uk looks exactly the same as our screenshot result, ayt?
As we go side by side with the legit and the phishing site. Yeah!
Please see the full YouTube videos below on this new feature, plus the threat hunting exercise using it.
Patch1 Walkthrough >> https://youtu.be/M7VYB-7qh9s
Threat Hunt Exercise >> https://youtu.be/4snxX2AzmVQ
Hope you enjoy!
Subscribe and Follow =)
CybrKron >> EXIT