Reblogged by jsonstein@masto.deoan.org ("Jeff Sonstein"):
neurovagrant@masto.deoan.org ("Ian Campbell") wrote:
Do subdomains matter in threat intelligence and blue-teaming? Well, if you're Rolex, it's the difference between not having a reason to investigate a domain like team-okta[.]com spinning up on Cloudflare on 2024-05-21 and, well...
a subdomain of rolex.team-okta[.]com spinning up on 2024-05-26.
Seems pretty sus. Make sure you've got visibility on stuff like this.
Because this isn't special; this is just another Tuesday on the internet.
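An added example, not part of the original post: a minimal triage pass over a feed of newly observed hostnames (for instance from certificate transparency or passive DNS) that checks every label, not just the registered domain, against a brand watchlist. The watchlist, the owned-domain allowlist, the naive two-label registered-domain rule, the function names and the benign feed entries are all assumptions made for this sketch.

```python
import re

# Assumptions for this sketch (not from the post): the brand watchlist, the
# owned-domain allowlist, and a naive "last two labels" registered-domain rule.
BRANDS = {"rolex"}
OWNED = {"rolex.com"}

def refang(host):
    """Undo common defanging ([.] and hxxp) and normalise case for matching."""
    host = host.strip().lower().replace("[.]", ".")
    host = re.sub(r"^hxxps?://|^https?://", "", host)
    return host.split("/")[0].rstrip(".")

def split_host(host):
    """Return (subdomain_labels, registered_domain) via the naive two-label rule.
    A production version should consult the Public Suffix List instead."""
    labels = refang(host).split(".")
    return labels[:-2], ".".join(labels[-2:])

def brand_hits(host, brands=BRANDS, owned=OWNED):
    """Report where a watched brand appears: in the apex label or a subdomain label.
    Hostnames under an owned domain produce no hits."""
    sub, apex = split_host(host)
    hits = {"apex": [], "subdomain": []}
    if apex in owned:
        return hits
    for brand in sorted(brands):
        if brand in apex.split(".")[0]:
            hits["apex"].append(brand)
        if any(brand in label for label in sub):
            hits["subdomain"].append(brand)
    return hits

def triage(hosts):
    """Keep only hostnames with a brand hit; hosts are returned as given (defanged)."""
    flagged = []
    for host in hosts:
        hits = brand_hits(host)
        if hits["apex"] or hits["subdomain"]:
            flagged.append((host, hits))
    return flagged

# Constructed feed: the two names from the post plus constructed benign entries.
FEED = ["team-okta[.]com", "rolex.team-okta[.]com", "www.rolex.com", "shop.example.org"]

if __name__ == "__main__":
    for host, hits in triage(FEED):
        print(host, hits)
```

A monitor that matches only on the registered domain sees nothing brand-related in the first feed entry; the hit comes solely from the subdomain label in the second.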