Farsight Labs

About Farsight Labs

About Us

Farsight Labs is an outreach programme from Farsight Security, Inc. to the world's digital defenders, including individual contributors from academic, law enforcement, non-profit, for-profit, or private backgrounds. There is no fee for participation, no contract to sign, and no service level guarantee. We want to make the world safer, which we do through our robust commercial services, our Passive DNS network, our Open Source software, and Farsight Labs.

The apps and services available in Farsight Labs will change over time. Generally these will be technologies that do not fit our usual commercial model, or are early-adopter pre-releases of future Farsight Security products and services. Uptime is not guaranteed, and quality may not be assured to our usual standard.

To sign up, visit https://labs.fsi.io/welcome. You can reach the Farsight Labs team by e-mail at labs@farsightsecurity.com.



Farsight Punycoder is now available in the Labs shell. Farsight Punycoder is a new tool that enables Security Operations Center (SOC) teams, incident responders, threat hunters and other security practitioners to validate, dissect, and bi-directionally convert DNS IDN Punycode. Learn more about this tool and how it can benefit your security program in our quarterly newsletter, Farsight Observer, published in the Community Forum.

Farsight Security Principal Architect Boris Taratine examines whether there are other potential candidate domains that are used for Command & Control (C2) related to the SolarWinds compromise, in addition to those previously reported. Confirming additional C2 “could be an important step towards identifying indicators of Compromise (IoCs) that were previously unknown.” The new research, entitled “SUNBURST: Mapping Malicious Activity Using Farsight Historical Passive DNS (Part II),” is available in our Community Forum.

In his new research published today in the Forum, Farsight Security Principal Architect Boris Taratine examines the C2 communications used by the malware in the recent SolarWinds supply chain attack. Visit the Community Forum to learn how you can use passive DNS to uncover related assets using historical records, as well as check patterns of behaviour that go beyond the reported IoCs.

The Farsight Labs Community Forum allows digital defenders to discuss details of Farsight tools and share tips and tricks for using DNS Intelligence to improve Internet security. To access this members-only resource, click on the Forum icon in the main Labs shell.

Expander helps digital defenders by automating the generation of regular expressions through a web interface, the command line, or DNSDB Scout. Regular expressions are a popular and mature way to describe an approximate search term, and Expander can be told which of several keyword variation systems to apply in order to cover the confusing similarities of interest to an investigator or defender. Notably, the regular expressions generated by Expander will also work in older tools such as UNIX egrep or Splunk, and not just in DNSDB 2.0 with Flexible Search.
  © Farsight Security, Inc.