Farsight Labs is an outreach programme from Farsight Security, Inc. to the world's digital defenders including individual contributors from academic, law enforcement, non-profit, for-profit, or private backgrounds. There is no fee for participation, no contract to sign, and no service level guarantee. We want to make the world safer, which we do through our robust commercial services, our Passive DNS network, our Open Source software, and with Farsight Labs.
The apps and services available in Farsight Labs will change over time. Generally these will be technologies that do not fit our usual commercial model, or are early-adopter pre-releases of future Farsight Security products and services. Uptime is not guaranteed, and quality may not be assured to the level that is our norm.
To sign up, visit https://labs.fsi.io/welcome. You can reach the Farsight Labs team by e-mail at email@example.com.
- Farsight Punycoder is now available in
the Labs shell.
Farsight Punycoder is a new tool
that enables Security Operations Center (SOC) teams, incident responders,
threat hunters and other security practitioners to validate, dissect, and
bi-directionally convert DNS IDN Punycode. Learn more details about this tool
and how it can benefit your security program in our quarterly newsletter,
Farsight Observer, published in the
- Farsight Security Principal Architect Boris Taratine examines whether there
are other potential candidate domains that are used for Command & Control (C2)
related to the SolarWinds compromise, in addition to those previously
reported. Confirming additional C2 “could be an important
step towards identifying indicators of Compromise (IoCs) that were previously
unknown.” The new research is available in our
entitled, “SUNBURST: Mapping Malicious Activity Using Farsight Historical
Passive DNS (Part II).”
- In his new research published today in the Forum, Farsight Security Principal
Architect Boris Taratine examines the C2 communications used by the malware in
the recent SolarWinds supply chain attack. Visit the
Community Forum to learn how you can
use passive DNS to uncover related assets using historical records, as well as
check the patterns of behaviour going beyond reported IoCs.
- The Farsight Labs Community Forum
allows digital defenders to discuss details of Farsight tools and share tips
and tricks for using DNS Intelligence to improve Internet security. To access
this members-only resource, click on the Forum icon in the main Labs shell.
helps digital defenders by automating the generation of
either through a web interface, the command line, or
Regular expressions are a popular and mature way to describe an approximate
search term, and Expander can be told which of several keyword variation
systems to apply in order to cover the confusing similarities of
interest to an investigator or defender. Notably, the regular expressions
generated by Expander will also work fine in older tools such as UNIX
egrep or Splunk, and not just in
DNSDB 2.0 with Flexible Search.