KeyChest Blog

KeyChest Update - June 2019

Jun 5, 2019 7:12:45 PM / by Dan

Having spent quite a few months working on the "invisible" code powering KeyChest, we have added two new reports - phishing threat and identity reports. But that is not all, we will finally add agents for monitoring internal networks.

 

KeyChest is still a bootstrapping company powered by my time and savings. That means that there are too few heads for too many hats - as in any start-up - from marketing (or testing marketing options), looking for customers as we are aiming at B2B business model, answering your questions and request (and we are very grateful for any feedback you send our way) ... to adding new KeyChest features. This time I will focus on the technology.

An overall report of phishing threat for all registered domains in an account.

An overall report of phishing threat for all registered domains in an account.

I have added two new reports to the KeyChest dashboard - identity report and phishing threat report. You can see the phishing report above and this is what happens behind the scenes.

Phishing Threat Report

  1. we use a customized dnstwist module to generate variants of domain names. We continue processing those in batches of 500.
  2. Each batch of up to 500 is checked against our global lookup table of all issued certificates and we keep domains for which we find at least one certificate - it doesn't have to be valid at the moment.
  3. The domains left are then checked for valid DNS records, MX record (i.e., email server exists), and A/AAAA records - i.e., hostnames one can use to host web sites.
  4. All the distilled information is stored in the KeyChest database ready for reporting.
  5. We try to structure the reports to be a little easier to read. We categorize each of the found "potential threat" as High, Avg, or Low risk. We will probably revise the criteria but at the moment, the High Risk are all domains created as Homoglyph (this includes use of international characters that look similar to ASCII ones). Medium Risk are domains with a valid certificate, email server and a "web hosting" domain name.

If you decide to invest $10/month or more, you will also be able to see details of all domains, like this.

Detail of phishing threats

Detail of phishing threats

Identity Report

Identity report is a new report that focuses purely on keys. It can therefore use our global database of certificate to its maximum effect. Keys (and certificates) are group by their names and the table shows the date of the first certificate as well as the last update and expiration.

Detail of a digital identity history - the buttons on the right lead to detail cards.

Detail of a digital identity history - the buttons on the right lead to detail cards.

 

Tags: identity, phishing, keychest

Dan

Written by Dan