SecurityTrails Blog · Dec 22 2020 · by Sara Jelen

SecurityTrails Year in Review 2020

The year is almost over, can you believe it? And 2020 has been one heck of a year. With so many ups and downs, we can all agree on breathing a sigh of relief now that its end is in sight. Yet however the year treated us, we’d like to acknowledge many good moments and memories made.

As the holidays approach, let’s take a few moments to reminisce about all of 2020’s highlights for the SecurityTrails team. We expanded our crew, had fun releasing numerous product updates and features, and worked hard on our blog to deliver the best infosec content out there.

For a closer look, here’s what the SecurityTrails team was up to during 2020:

Expanding the SecurityTrails team

The coronavirus pandemic has brought about a lot of uncertainty and pushed the world into adopting new ways of living — both personally and professionally. Companies and individuals alike, on so many levels, have had to adjust to the norms of social distancing and working remotely.

SecurityTrails has been a remote-first company since the very beginning, in 2017. Our diverse and talented remote team has the freedom to work from any location in the world and enjoys the benefits of working remotely—being present for their personal lives and focusing on their growth outside of the “workplace”.

While we weren’t able to go on team retreats in 2020, we always encourage our team members to grow, connect and collaborate with each other through our monthly company-wide gatherings, team-specific meetings, soft- and hard-skill courses, internal projects, competitions, and more.

And now that 2020 marks the third year of our fully remote team with many lessons learned, we have continued to hire new talent from all over the world.

We’ve grown from a seven-member team in our first year to a 35-member team, with individuals from all over the world: the USA, Uruguay, Germany, Serbia, Poland, Finland, Ukraine, Philippines, South Africa and Argentina. Our team saw many changes, and the end of 2020 counts eight more SecurityTrails team members than we had at the end of 2019.

And if you’re interested in joining our diverse team, take a look at our updated Careers page. That’s where you can find out more about SecurityTrails culture as well as any positions we have available.

Product launches and updates

Who’s been here since 2017? These SecurityTrails website before-and-after photos speak volumes about how much we’ve changed and improved since the first version of our product. In mid-2020, we moved on from our recognizable yellow-and-black look and changed our branding and visual identity significantly.

We’ve continued working on sometimes small, sometimes sizable, but always incremental changes to our website and products.

We’re always listening to valuable feedback from our users and customers and that is how we’ve managed to become the world’s largest repository of historical DNS data. We believe that if we want to remain the trusted resource for industry leaders that we are, transparency about our data and what we do with it is crucial. To that end, you can look to our regularly updated Changelog, where we note everything our engineering team brings forth.

Throughout 2020, our engineering and product teams worked relentlessly on bringing monthly improvements, updates and fixes to the console, SecurityTrails API™, SurfaceBrowser™, SecurityTrails Feeds™ and Attack Surface Reduction™.

Product features and updates

SecurityTrails API™

Our fast and always up-to-date SecurityTrails API™ allows security companies, researchers and teams access to current and historical data. In order to continue to empower companies and researchers with the most current DNS, IP and domain intel available, we continuously work on improving and innovating with our cybersecurity API.

For the SecurityTrails API™, new endpoints were added throughout the year:

  • SSL
  • User agent
  • IP WHOIS
  • Company details endpoints

Also introduced were the firehose endpoint that streams Certificate Transparency log entries we encountered, as well as a DMARC feed endpoint that allows for downloading new daily DMARC entries.

SurfaceBrowser™

The SecurityTrails team was also very busy in 2020 with SurfaceBrowser™, our passive intelligence tool that allows you to know everything about a single domain or any organization’s public surface instantly and through a web-interface.

The year opened with a new IP page that features top IPv4 addresses by domain count, continuing with support for domains with an umlaut. Some other notable updates to SurfaceBrowser™ are newly added pages:

  • Company acquisitions
  • Suborganizations
  • Activity page
  • SSL section

SurfaceBrowser™ features we were very excited to release include Hosting Visualization, Tags for hostnames, and SQL Explorer. We even featured an SSL scraping showcase with SQL Explorer that allows you to combine the power of structured query language with the SecurityTrails database to extract more information.

By the end of the year we introduced even more new features for SurfaceBrowser™: more data downloads, an Egress Activity option, and improvements to the Host page.

Attack Surface Reduction™

In October of 2019, we released the latest SecurityTrails enterprise-grade product—Attack Surface Reduction™, or ASR. ASR is a powerful tool for discovering the entire internet-facing and shadow infrastructure of a target, allowing for the tracking and monitoring of critical assets and identifying risks.

ASR got a few big releases at the beginning of the year, such as its major UI redesign, data caching and rules functionality update. We’ve been laying low for the rest of the year as we’re preparing some big updates to the product. However, you can sign up here to be one of the first to know once we launch the newest version of ASR.

Integrations and SDKs

It’s always been an imperative for us that the security platform we build offers a flexible API, one that can be easily integrated into any programming language or applications in use.

Researchers and teams can easily fetch our domain, IP and WHOIS data from their applications, and the SecurityTrails API™ has already been integrated into many security tools, apps and plugins.

In 2020 alone, we added 15 new third-party integrations, browser extensions and wrappers:

You can find all of the currently available integrations, wrappers and extensions on our Integrations page.

But the year wasn’t only filled with pleasantness, releases and updates. On Monday, June 29, 2020 we were notified by a security researcher that one of our Elasticsearch clusters was exposed to the Internet without authentication. We notified clients and wrote a technical blog post almost immediately. The response from clients and the security community as a whole was encouraging, with the occasional well-deserved eye roll on Twitter. But we did declare war on surface area sprawl and we remain dedicated to helping others avoid the situation that we found ourselves in.

We don’t plan on slowing down in 2021. With major new launches planned for the beginning of the year, and the determination to improve our existing tools, we recommend you stay tuned for everything the new year will bring!

SecurityTrails Blog

The SecurityTrails Blog didn’t take any rests in 2020 either, and just as we do every year, we upped the game when it comes to research, interviews, tool reviews, and the vast range of topics we cover.

With 285 blog posts published to date, we can proudly say that we’ve managed to explore a wide array of general and specific infosec and cybersecurity issues, and strategic and technical concepts, while providing fun-to-read, honest and transparent opinions and reviews, as well as our eagerly awaited interviews with industry leaders.

The biggest change to the blog has been the addition of the audio version for each blog post, as well as the ability to listen to all of our latest articles on the go—on Spotify and Apple Podcasts.

Let’s go over some of the other blog favorites we featured in 2020.

We were very excited to share our review of the Social Engineering Toolkit - SET, an open source cybersecurity tool aimed at pen testing using humans as the main target and offering many attack vectors and techniques. As it’s a well-known and beloved industry tool, we highly recommend you check out the review and learn how you can get started with SET.

Another essential tool review is our walk-through of Shodan, a search engine for IoT devices. We went deep into the process of grabbing intelligence from Shodan with different options and features to find locations of devices, exposed ports, services running on devices, technologies in use and CVEs.

Along with our favorite security tools, we delivered three cheat sheets for three different uses: red team tools, blue team tools and tools to combat phishing attacks. Each article features over 20 tools and their descriptions, giving you a handy resource for building your offensive and defensive security toolkit.

If you’re someone who prefers to work from web- and GUI-based tools that offer you a fast and simple solution, but have a hard time finding replacements for one of our personal favorites, Nmap—we’re happy to share with you our run-down of 5 Nmap online alternatives.

While advanced persistent threats were once considered primarily dangerous to government institutions and enterprises, now no organization is truly safe from APTs. This is why we thoroughly delve into the differences between APTs and “regular” threats, the APT lifecycle, indicators of an APT, and best practices in defending against this type of silent threat.

Greatly complementing the informative #ProTips series we bulked up last year, we shared knowledge and expertise from the amazing researcher Gregory Boddin from LeakIX, including his insights into the leaky internet: database leaks and how to secure them, meow attacks and their identification, his favorite open source scanning tools, source code mining and tackling IPv6.

Quantum Security Series

Quantum Security was a three-part series by Nicolas Pence—our technical writer who joined us during the first half of the year. The first part of the series, appropriately named “A game changer technology”, took us into the fundamentals of what quantum computing is, how it can affect your system’s security and how to protect yourself from crypto-attacks.

In the second part of the series, “Random and mysterious”, we learned about quantum networks, quantum telecommunication, the difficult problems it’s trying to solve, and post-quantum VPN.

Concluding the quantum security series, “All things quantum” covered the state of quantum computers at the time of its writing, including related security issues and concerns that need addressing now and in the future. An innovative topic for our blog, quantum computing joins the numerous other areas and concepts we explore in the interest of security being held as an imperative.

Recon Safari

The Recon Safari series has been on a transformative journey since it first appeared on SecurityTrails. Starting out as (long) Twitter threads where we covered our OSINT investigations into targets that were recently involved in breaches and leaked records, Recon Safari evolved into digestible infographics highlighting our discoveries that were ultimately followed with writeups on our blog.

In the first part of the Recon Safari series, we looked into a (then) recent data breach suffered by Friendemic, a reputation management and digital customer experience company. We decided to dig into our OSINT data available via SurfaceBrowser™: WHOIS and DNS history, subdomains with their hosts, ports and SSL certificates.

The second part of the Recon Safari series was our most popular 2020 blog post, which followed the trail of 63 fake U.S. Census Bureau domains. Using the same data we used earlier in the series, we applied logical deduction to spot obvious trends among these domains. Make sure you check out why it ranked as the favorite blog post of 2020.

Wrapping up the series was our investigation into 119 domains seized by the Department of Justice, all of which were created by Iran’s Islamic Revolutionary Guard Corps (IRGC). While the geopolitical issues around an investigation like this one are not lost on us, this data is already public—we just wanted to show how you can go in deeper and follow the breadcrumbs, to see what the data can tell us.

We plan on continuing our OSINT investigations and showcasing how a combination of OSINT, SecurityTrails tools and other techniques can help you uncover much more from data that doesn’t appear to offer much. We’ll also keep covering recent leaks and breaches to see what we can learn from them.

Interview Series

Our well-known and well-loved interview series featured six new interviews in 2020. Interviews are done by our writer Sara Jelen, who since the beginning of the series in February of 2019 has brought on many industry leaders, founders, researchers and others whose voices have a powerful echo in the infosec and cybersecurity community. Her candid interviews aren’t only concerned with asking technical questions about current trends, threats and advancements, but also with exploring the human element of our industry, and the people behind the tools and projects we all know and love.

The first interview of the year was with Gabriella Biella Coleman, an anthropologist with an academic career focusing on the politics, culture, and ethics of hacking. We had the chance to meet Biella while attending 36c3, where she was presenting her project, Hack_Curio. Not only did we chat with her about the project, we also learned about how she found her place in the security industry as an “outsider”, her favorite hacker myths, and what has changed since she released her earliest works in the hacker culture and community.

We got to know Tanya Janca, the founder of SheHacksPurple, an online learning academy, community, and podcast that focuses on teaching how to create secure software. We talked about the challenges of bridging the gap between software development and information security, and Tanya shared about her rich background in IT that spans over two decades as well as her background in… hardcore punk? That’s all we’ll say.

For the first time in our interview series we spent time with not just one but two guests, Dan Sherry and Grace Chi, co-founders of Pulsedive Intelligence. They joined us (virtually) to share their insights on finding the right fit for a co-founder, their “show don’t tell” approach, analyst-centric threat intelligence, and much, much more. We’ll let the title “Cats, Board Games, and Analyst-Centric Threat Intelligence” speak for itself.

Technology and its progress is amazing, but sometimes it’s nice to kick back and listen to old-fashioned records. We went with Tzury Bar Yochay, CEO of Reblaze, to his favorite record store where he showed us his collection of records with intriguing words in their titles—API, DoS, and WAAP. Besides appreciating Tzury’s taste in music, we talked with him about the vision behind Reblaze, and what “Reblazing” web security means. We were also the first to hear about their exciting new project: Curiefense.

Tackling a topic that gained attention in 2020—residential IP proxies—and to help better understand the role anonymization infrastructure plays in the cybercrime realm, we chatted with Tom Kilmer, founder of Spur Intelligence. We got the opportunity to hear Tom’s backstory, how he discovered the need for a service like Spur, and how they’ve been positioning themselves as an “anti-TI” vendor in the IP reputation space.

For the final interview of the year we spoke with none other than Scott Helme, the person behind many innovative and impressive projects including Report URI, Security Headers, Crawler.Ninja and his personal blog, which is full of educational content regarding encryption and general security topics. Scott talked about all of these projects, his masterful time-management skills and how we can encrypt the entire internet.

The SecurityTrails interview series will only continue to bring in both fresh and established faces in the industry who can help us better understand the intricacies of the current landscape. We recommend you stay tuned to learn about what we’ve prepared for 2021, and don’t forget, you can listen to all of our interviews for a truly podcast-esque experience.

Final words

And that’s a wrap on 2020! We want to thank everyone who was with us throughout the year: our wonderful and talented team who worked relentlessly on delivering the best results on every front; our loyal customers and community who unsparingly shared their feedback to help us achieve the perfect solutions for all. Without all of your support and inspiration, we wouldn’t be able to call this year a successful one.

All we can say, without revealing too much, is—stay tuned for everything we’re preparing in 2021. ‘Till next year!

SARA JELEN

Sara believes the human element is often at the core of all cybersecurity issues. It’s this perspective that brings a refreshing voice to the SecurityTrails team. Her ability to bridge cognitive/social motivators and how they impact the cybersecurity industry is always enlightening.