Security Operations runbooks revolve around the process verify → enrich → decide, and IP and domain enrichment remains a core skill every L1 analyst should have. In this room, we will pivot on geolocation, ASNs, open-service footprints, and records to decide whether an indicator is malicious, and to gather additional context about the attack.
Learning Objectives
- Enrich domains with WHOIS age, records, and details
- Learn the concepts of ASNs and geolocation for triage
- Spot red-flag services using VirusTotal, Shodan, and Censys
- Detect , , and Tor exit nodes with IP2Proxy and Spur
- Correlate signals across sources instead of trusting one verdict
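As an added example (not part of the room's material), the verify → enrich → decide flow as a small correlation rule in Python: each enrichment category contributes at most one signal, and an indicator is only called malicious when independent categories agree, so a single vendor verdict never decides on its own. The `Enrichment` fields, the 30-day "new domain" threshold, the red-flag service list and the sample records are assumptions for this example, not any vendor's schema or real lookups.

```python
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional, Tuple

# One indicator's enrichment. Field names are assumptions for this example, not any vendor's schema.
@dataclass
class Enrichment:
    indicator: str
    whois_created: Optional[date]      # WHOIS creation date (domains only)
    asn_org: str                       # ASN owner from an ASN lookup
    open_services: List[str]           # services seen by Shodan/Censys-style scan data
    proxy_flags: Dict[str, bool]       # anonymizer verdict per source (e.g. IP2Proxy, Spur)
    reputation_hits: Dict[str, int]    # engines flagging it, per source (e.g. VirusTotal)

HOSTING_KEYWORDS = ("hosting", "cloud", "vps", "datacenter")
RED_FLAG_SERVICES = {"telnet", "smb", "rdp"}   # exposed services an analyst should question

def triage(e: Enrichment, today: date, min_signals: int = 2) -> Tuple[str, List[str]]:
    """Collect at most one signal per enrichment category, then decide. 'malicious'
    needs min_signals independent categories; one vendor verdict alone is only 'suspicious'."""
    reasons = []
    if e.whois_created and (today - e.whois_created).days < 30:
        reasons.append("domain registered %d days ago" % (today - e.whois_created).days)
    if any(k in e.asn_org.lower() for k in HOSTING_KEYWORDS):
        reasons.append("hosting/cloud ASN: " + e.asn_org)
    flagged = sorted({s.lower() for s in e.open_services} & RED_FLAG_SERVICES)
    if flagged:
        reasons.append("red-flag services exposed: " + ",".join(flagged))
    proxy_src = [s for s, hit in e.proxy_flags.items() if hit]
    if proxy_src:
        reasons.append("anonymizer/Tor exit per " + ",".join(proxy_src))
    rep_src = [s for s, n in e.reputation_hits.items() if n > 0]
    if rep_src:
        reasons.append("reputation hits from " + ",".join(rep_src))
    verdict = "malicious" if len(reasons) >= min_signals else ("suspicious" if reasons else "benign")
    return verdict, reasons

# Constructed sample records: placeholder names and documentation-range IPs, not real lookups.
SAMPLES = [
    Enrichment("login-update.example", date(2024, 6, 1), "Example VPS Hosting",
               ["http", "rdp"], {"IP2Proxy": False, "Spur": False}, {"VirusTotal": 7}),
    Enrichment("198.51.100.23", None, "Example Telecom",
               ["http"], {"IP2Proxy": False, "Spur": False}, {"VirusTotal": 1}),
    Enrichment("cdn.example", date(2015, 3, 9), "Example Telecom",
               ["http", "https"], {"IP2Proxy": False, "Spur": False}, {"VirusTotal": 0}),
]

def run(min_signals: int = 2, today: date = date(2024, 6, 10)) -> Dict[str, str]:
    # Verdict per sample indicator for a fixed reference date, so results are reproducible.
    return {e.indicator: triage(e, today, min_signals)[0] for e in SAMPLES}
```

Lowering `min_signals` to 1 shows the failure mode the last objective warns about: the single VirusTotal hit on the second indicator alone would then flip it to malicious.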
Prerequisites
Practice
Before we start, download the archive with the exported threat intel attached to this task. You'll need it for most of the exercises, since live threat intel changes daily and the data you query today may look different tomorrow.
All set to begin.
The IP and Domain Threat Intel room is only available for premium users. Signup now to access more than 500 free rooms and learn cyber security through a fun, interactive learning environment.