Having decided to try Matrix in the field of cyber security, we found ourselves faced with several choices. One of the main ones was what to do with the evidence found: once we identified a threat, what should we do with it? Since we work in the sector, our first choice was Netcraft, which would have been an excellent tool to evaluate our results. After a while we realized that Netcraft was good for threats that were online or that could be easily detected anyway. For all other threats, especially those still in the process of being installed, more was needed. We therefore decided to publish all reports on Twitter. Emiliano had a profile that he didn’t use, so we started with that. In a few months the quantity and quality of the reports became important and the “ecarlesi” profile became frequented by analysts and operators in the cyber security sector. This led to learning about new realities and creating new opportunities.
Below you can find some links that describe the project and its integration with Twitter:
- https://www.namecheap.com/blog/our-fight-against-fraud-and-abuse-an-update
- https://carlesi.vg/2021/05/25/the-smith-project
- https://carlesi.vg/2022/12/07/update-from-twitter-account
- https://carlesi.vg/2022/10/03/200k-tweets
- https://carlesi.vg/2022/11/24/goodfatr
- https://carlesi.vg/2022/11/24/infosec-people-that-post-iocs-on-twitter
With the arrival of Musk and the related havoc on Twitter, the “ecarlesi” account was suspended for violating the rules on counterfeiting. The profiles of flat-Earthers and Trump fans were probably more welcome than those who collaborate on network security 😀
At that time we had begun to be interested in Urlscan, so we decided to move the publication of our information to this platform. This brought a great advantage: some of the tasks we previously had to do ourselves to publish a decent report on Twitter were now done better by Urlscan! We only had to communicate the URL, and Urlscan took care of making the screenshot, performing the Whois request, etc.
The Urlscan team was very kind and helpful in supporting us in the integration phase.
Since the tweets from the Twitter profile “ecarlesi” were loaded into Urlscan, we decided to keep the tag “@ecarlesi”. You can access the feed produced by Matrix and published on Urlscan via this search link:
https://urlscan.io/search/#task.tags:%22@ecarlesi%22
In less than a year, Matrix sent nearly 2.5 million reports to Urlscan, all publicly available. We think this is a great contribution to the cyber security sector, also achieved thanks to Urlscan.