Showing posts from 2019

Cybersecurity status of Spanish organizations

Today, December 11, we were at the XIII Jornadas del CCN-CERT presenting the results of the first study carried out with our infrastructure on more than 500 Spanish organizations.

Our colleague Fran was there with Leo from CSA, presenting the main conclusions of the study. Following the talk, we are now sharing the report publicly and free of charge.

The study presented here aims to cover a segment of information security related to the continuous security analysis of internet-exposed assets, and to extend it to a statistically significant number of organizations in order to offer an approximation of the security status of the entities under study. Around 500 organizations from 10 different sectors were analyzed.

You will soon have more news on the next phases of our studies.

Exposure and risk analysis of Spanish entities

At MrLOOQUER we never stop researching and evolving our technology to understand the security status of assets on the internet, with a global view, and with the aim of adding value for our clients and users. Thanks to our automatic discovery engine we are able to determine an organization's internet-exposed perimeter with validated accuracy, regardless of the type and size of the organization. In addition, our infrastructure deployed on the Internet allows us to perform an accurate security analysis of assets following a black-box methodology, that is, in the same way attackers do to find victims for their attacks. Having validated the effectiveness of combining our discovery engine and our security analysis capabilities, our natural next step was to understand the current security status of organizations in Spain. We set to work and have analyzed the security of more than …

MrLooquer IOCFeed is now part of Maltiverse

Maltiverse was born as a service for cybersecurity analysts, oriented to the advanced analysis of indicators of compromise. A few days ago Maltiverse announced the onboarding of a new IoC feed that contains really valuable information. This feed is MrLooquer IOCFeed.
MrLooquer IOC Feed is the first threat feed focused on systems with dual stack. Since the IPv6 protocol has begun to be part of malware and fraud communications, it is necessary to detect and mitigate threats in both protocols (IPv4 and IPv6).

We analyze and generate our dual stack threat feed daily. You can download below the IOCs we've seen in the last 7 days. However, you can access our entire threat database in our IPLake service.
Try Maltiverse with MrLooquer integrated and tell us what you think.

MrLooquer on Maltiverse
Happy Hacking

MrLooquer Rating Integration with Cloud Infrastructure

At the last RootedCON edition, our CTO Raul Requero presented our tool MrLooquer Rating to the audience.

One of the use cases we presented is the integration of MrLooquer Rating with Cloud environments. This integration solves one of the main problems security officers face: keeping a real-time, up-to-date inventory of the elements exposed to the internet and performing a security analysis on them automatically.
We have developed an AWS Lambda that lets you start monitoring your Cloud infrastructure with MrLooquer Rating almost immediately.

To show how it works, we showed a video with a real demo of an AWS account where the Lambda is deployed: all newly launched instances are immediately provisioned to MrLooquer Rating and analyzed.

Thank you to the RootedCON organization for such a great opportunity to share our tools there!

If you want to test it yourself, you'll just need an authentication token that you can get from our web service.
Do you want to know more about this integration? Contact [email protected]

IOCFeed officially released

Dear Looquers,

We are glad to announce that we have officially published IOCFeed at the RootedCON X edition. IOCFeed is the new OSINT (Open Source INtelligence) resource available to the security community that provides dual stack information about threats on the Internet.

This data source can help analysts do threat analysis. The main goal of this feed is to give security analysts valuable insight that allows them to find interesting connections between IOCs that can be extended to IPv4. Looking at IPv6 information such as the prefix, analysts can find relationships between threats and determine whether a prefix can be considered malicious; looking at the ASN, analysts can find statistics on malicious agents present in Internet providers. There are other use cases that we will publish in this blog in the following weeks. You are invited to use this feed and give us feedback.

Also, if you are a researcher, a university or a company, and you are interested in complementing your data sources with dual stack informa…

When IPv6 met Malware

What are those malware families shown in this graph?
Do you want to know more about these IOCs related to IPv6? Next Saturday we are going to publish the first dual stack IOCFeed, with useful information for threat analysis, to the community.
This feed will be free and contains network information such as IPv4, IPv6, open ports, ASN and even CVEs that affect the host. Also, there are interesting relationships between IOCs that can be obtained if you look at IPv6 network information. From now on, you will have a new tool to fingerprint threats on the Internet.

More at
Follow us @mrlooquer

See you at RootedCON 2019!!

Dear Looquers, we're happy to announce that this year we will be at one of the top Security conferences of the year!

This time we are going to publish the first open feed with information on threats with dual stack (IPv4 and IPv6). You will discover how to get insightful information when you look at IPv6: relations between IOCs using the prefix, open ports with CVEs affecting the threats, wrong dual stack configuration, and much more. We've reached an agreement with one of the top Cybersecurity companies in Spain to offer you this feed and we will invite others to join the project.

Also, thanks to the RootedCON organization we will be able to show new features of MrLooquer Rating and the automatic integration with AWS infrastructures using serverless Lambdas. See you there!

Follow us on Twitter: @mrlooquer