Dayjob: https://www.domaintools.com/leadership/danielschwalbe/
Podcast: https://podcasts.apple.com/us/podcast/breaking-badness/id1456143419
Twitter: https://twitter.com/DanOnSecurity
Fresh research from my team at DomainTools Investigations just dropped! We look into newly registered domains that mimic the Google Play Store and try to trick visitors into downloading the SpyNote Android RAT:
Deceptive websites hosted on newly registered domains are being used to deliver AndroidOS SpyNote malware. These sites mimic the Google Chrome install page on the Google Play Store.
Protip: if someone posts a technical or legal analysis of something the administration is doing or proposing and your response is that legalities are irrelevant and a waste of time, the problem is YOU.
You know who wants you to think laws don’t matter anymore and that pushback is hopeless? Fascists.
Don’t act like a fascist.
There are signs that Russia is ramping up its technical infrastructure and dispersing more disinformation campaigns in 2025.
"We see a tendency — a trend of domains getting registered — that ... seems to be focused on disinformation, whether they're trying to mimic a real world, big news outlet, or in some cases, are very regionally targeted, giving the appearance of a local-ish news outlet," says @danonsecurity, CISO and head of investigations at DomainTools.
Read more from @roblemos at @darkreading here: https://www.darkreading.com/threat-intelligence/us-weakens-disinformation-defenses-russia-china-ramp-up
The latest installment of my monthly newsletter is out: https://www.linkedin.com/pulse/guess-whos-back-again-dtis-tell-friend-daniel-schwalbe-yf2rc
If LI isn't your thing, you can get it via email: https://www.domaintools.com/investigations-newsletter-reg/
I'm sharing an update to last month’s research on Chinese malware and an additional look into our findings by our friends at CSIRT Gadgets. We’re also covering the Manipulaters [sic] takedown, upcoming webinars, plus all the spring events where you can come meet us in person.
Sarah Sabotka (@proofpoint) will join us on March 19 for our Foundations of DFIR panel!
That's a while away though. Where can you find Sarah before then? Check out this episode of the DISCARDED podcast (Stealth, Scale, and Strategy: Exploring China's Covert Network Tactics - APT41) hosted with Selena Larson and guest Mark Kelly.
By studying APT41's operations, digital forensics and incident response teams can better prepare for and mitigate the impacts of both cybercrime and state-sponsored espionage, ultimately enhancing overall cybersecurity resilience.
Listen here: https://www.proofpoint.com/us/podcasts/discarded
Want to hear more of Sarah's insights, along with a conversation with @danonsecurity, @hacks4pancakes, and David Bianco? Join us on March 19 - save your spot here: https://www.domaintools.com/webinar-getting-back-to-the-foundations-of-dfir/?utm_source=Mastodon&utm_medium=Social&utm_campaign=DFIR-to-You
@hacks4pancakes (@dragosinc) will join us on March 19 for our Foundations of DFIR panel!
While that's a few weeks away, you can check out Lesley's blog post on The Shifting Landscape of OT Incident Response which illustrates the importance of specialized incident response and digital forensics in maintaining the security and integrity of OT systems.
Find it here: https://www.dragos.com/blog/the-shifting-landscape-of-ot-incident-response/
If you want to catch Lesley along with panelists @danonsecurity, David Bianco, and Sarah Sabotka for unique insights on bolstering your DFIR foundations, save your spot here: https://www.domaintools.com/webinar-getting-back-to-the-foundations-of-dfir/?utm_source=Mastodon&utm_medium=Social&utm_campaign=DFIR-To-You
We'll be hosting a customer-exclusive webinar on Thursday, March 20 with @danonsecurity, Austin Northcutt, and Steven Behm demonstrating how our domain and DNS intelligence platform can help stay ahead of business email compromise (BEC) using the example of TA4903, a financially motivated threat actor.
In this closed event, the audience will walk away with the following:
🔹Investigate IOCs for increased context and find connected domains
🔹Understand how to create a fingerprint within Iris Investigate’s Advanced Search
🔹Leverage passive DNS to uncover connected subdomains
🔹Discuss automating discovery within a Splunk SIEM environment for continued domain discovery
Save your spot here: https://www.domaintools.com/webinar-ta4903-and-me-using-domain-and-dns-intel-against-bec/?utm_source=Mastodon&utm_medium=Social&utm_campaign=Webinar
@danonsecurity's latest DomainTools Investigations (DTI) newsletter is out on LinkedIn! He shares an update to last month’s research on Chinese malware and CSIRT Gadgets, LLC's additional look into our findings. He also covers the Manipulaters [sic] takedown, upcoming webinars, plus all the spring events where you can come meet the DTI team in person.
Don't use LinkedIn? Sign up for an email copy here: https://www.domaintools.com/investigations-newsletter-reg/?utm_source=Mastodon&utm_medium=Social&utm_campaign=DFS-Newsletter