Could Censys serve as a threat intelligence collector?

By Milica D. Djekic

The fact is so many visible web search engines could offer you a chance to explore the internet widely and the similar case is with the Censys crawler being located at the web address as follows www.censys.io. This emerging technology would provide you an opportunity to deal with the security driven by data and it would be a quite suitable crawler for finding almost anything being accessible through the surface internet. In case you need the Censys to gather the threat intelligence – it would be possible in case you smartly choose an appropriate keyword. Once you experience this security tool you would see how far away you can get with so. The point is the Censys would give you an option to discover so many IP addresses being correlated with so many different keywords, so do not get surprised if you get access to some organized crime or terrorist visible web nest. It’s well-known that once you obtain someone’s IP address – there would be nearly limitless opportunities to make a breach to such a system using some of the hacking tools. The aim of this effort is not to discuss how we could develop a good attack strategy, but rather it should suggest to us how we could discover the web vulnerabilities applying such a security crawler. So many security researchers would use the Censys to search hard for threat’s forums, discussion groups, and websites. They would commonly find plenty of helpful information that could guide some defense forces to obtain more useful findings and make a decision on how they could tackle some concerns. From that perspective, the Censys is a powerful security tool and at some level – it could serve as a great threat intelligence collector. The fact is that so many threats’ activities would not get access through the visible web and we would need to rely on the deep web in order to see what is happening there. So, how could Censys serve for those purposes?

As it’s well-known, the majority of threat intelligence could get found below the surface and the Censys itself can grab only data being the part of the visible web. It would use the quite popular Z-map algorithm and it would cope with the wide search only. In other words, this sort of search engine would not go below the internet surface. For instance, the deep web browsers such as Tor would deal with the deep search and they would get capable to look for the .onion websites being the part of the well-encrypted an anonymous project. So, our question here would be if we could correlate such a powerful crawler as Censys is with some kind of a deep web crawling. If that would get feasible – we could call the Censys the real threat intelligence collecting service. We believe that one day we would get such a sophisticated search engine that would get able to detect the IP addresses of the well-hidden parts of the internet. At this stage, it’s still a quite good idea and we hope that the brilliant minds that have created the Censys could go a step deeper. Well, it appears that the Censys is quite capable to gather the findings of the threats at the visible level and we need more hard work as well as strategic approaches in order to make the deep web solutions getting demystified.Could Censys serve as a threat intelligence collector?

Once the criminals and terrorists lose their well-hidden oases – the world would get a safer place and in our opinion, the crawlers as a Censys could provide us with such an option. Why is that the fact? First, if you get the security tool that could discover the both – surface and deep IP addresses – you would get no difficulties to trace the bad guys and expose them in order to conduct some sort of the case. It’s well-known that the systems as a Tor are role-based, so in order to get access to someone’s communications – you would need to get permissions to login to such an account. Maybe we could learn from each other. How? Well, for a certain keyword being with the Censys – you would get some kind of data being helpful for a security researcher. Also, if you get the access to someone’s anonymous account you would need the feedback information in order to get his location with the web. In other words, what we need is a tool that would offer us an opportunity to see both – someone’s communications as well as his IP address. Dealing with someone’s IP address means that you can locate that machine and expose such a system for investigative purposes. We know that the modern technology would go so, so far away and so many intelligence communities would cope with such a sort of capabilities. What we need at this stage is something as a Censys that would serve as a deep threat intelligence gathering tool. The point with the Censys is that it’s publically available and at this level – it can offer a lot to the security researchers. If the guys from the Censys project make so significant improvements and get how they could scan the deep internet as well – that would be the good news to the security community, so far. In our belief, that could get quite possible as the security researchers already know a lot about both technologies.

The Censys is the young and quite promising project that could get developed in full to serve as a powerful threat intelligence collector. We believe that such a security tool deserves a lot of attention and support in order to get better, stronger and deeper. At some stage, the Censys could get recognized as a quite convenient IoT search engine, but in the practice – it would deal with plenty of security applications. As it’s still at its beginning – we believe that the next decade of its development and deployment would bring us a lot of new ideas and the folks from that project would know how to make their solution getting much smarter and more effective.

About The Author

Could Censys serve as a threat intelligence collector?Milica D. Djekic is an Independent Researcher from Subotica, Republic of Serbia. She received her engineering background from the Faculty of Mechanical Engineering, University of Belgrade. She writes for some domestic and overseas presses and she is also the author of the book “The Internet of Things: Concept, Applications, and Security” is published in 2017 with the Lambert Academic Publishing. Milica is also a speaker with the BrightTALK expert’s channel and Cyber Security Summit Europe being held in 2016 as well as CyberCentral Summit 2019 being one of the most exclusive cyber defense events in Europe. She is the member of an ASIS International since 2017 and contributor to the Australian Cyber Security Magazine since 2018. Her fields of interests are cyber defense, technology, and business.

February 19, 2019

cyber defense awardsWe are in our 11th year, and Global InfoSec Awards are incredibly well received – helping build buzz, customer awareness, sales and marketing growth opportunities, investment opportunities and so much more.
Cyber Defense Awards

12th Anniversary Global InfoSec Awards for 2024 are now Open! Take advantage of co-marketing packages and enter today!

X