WEBVTT

00:00.890 --> 00:03.450
In this video we're taking a look at GreyNoise.

00:03.470 --> 00:06.080
It can be found at viz.greynoise

00:06.350 --> 00:07.040
.io.

00:08.200 --> 00:11.890
And also I have this on the Start Me page.

00:11.890 --> 00:18.730
So GreyNoise is interesting in that we can put IP addresses, CVEs, tags and whatnot.

00:18.730 --> 00:20.860
And this is for this demonstration.

00:20.860 --> 00:26.650
It's really good for if we're pulling up IP addresses, whether we have an IP address we're investigating

00:26.650 --> 00:28.330
or we're doing a

00:29.060 --> 00:30.440
lookup on a website.

00:30.470 --> 00:38.600
Of course, we can pull up a terminal here and we can do ping and whatever the URL is, say Google.com

00:38.780 --> 00:40.790
to get that IP address.

00:42.670 --> 00:50.320
Okay, let's cancel out of that and we can put different IPs in here and see get some information on

00:50.320 --> 00:50.560
it.

00:50.560 --> 00:51.340
So.

00:52.300 --> 00:57.820
I was going to take a malicious or spam email and pull that URL.

00:57.850 --> 01:01.000
However, those tend to go away pretty quick.

01:01.030 --> 01:03.580
They're usually short lived URLs.

01:03.790 --> 01:06.070
So let's take a look at up in here.

01:06.160 --> 01:08.890
There's Trends, Today, Tags, Analysis, Alerts.

01:08.890 --> 01:11.350
I'm just going to click on Today and see if anything came up.

01:11.860 --> 01:14.560
So we have some pretty cool ones in here.

01:14.560 --> 01:16.300
We can see this is malicious.

01:16.330 --> 01:16.930
This is a mobile.

01:16.930 --> 01:24.040
We have the IP address, organization Chinanet Backbone, actor is unknown, last seen, country.

01:24.040 --> 01:30.520
And if we click in here, we can see the information that if we put that IP address in here and right

01:30.520 --> 01:36.130
off the bat we get: this is a malicious IP. GreyNoise identified malicious activity of this IP.

01:37.430 --> 01:37.940
Okay.

01:37.940 --> 01:41.600
I'm going to click on next and suggested actions, which is great.

01:41.870 --> 01:48.830
And we can see again the organization, we can see the actor is unknown, if it's spoofed, if it's able

01:48.830 --> 01:59.240
to spoof it, first seen, last seen, country, city, region, ASN, OS, we can see different tags, SSH brute

01:59.240 --> 02:02.150
force or Telnet brute force or web crawler.

02:03.090 --> 02:04.620
We can see the different ports.

02:04.650 --> 02:09.540
TCP 21, 22, 23, 7110.

02:09.570 --> 02:12.890
There's 33 more that we can go in here and we can see they're all TCP.

02:14.320 --> 02:16.150
We could see if there's any paths.

02:16.180 --> 02:22.870
User agent detected, fingerprint information, if there is any, and hash fingerprints if there is

02:22.870 --> 02:23.140
any.

02:23.140 --> 02:28.930
So, again, this is a lot of great information that we can pull from IP addresses using this site.

02:29.140 --> 02:35.680
And we can take a look at different trends and different tags and various analysis.

02:35.710 --> 02:37.600
Now, I'm just using the free version.

02:37.600 --> 02:42.130
If you go ahead and sign up, you can get access to more reports.

02:42.370 --> 02:47.350
But again, this is a really great website that we can potentially use for those IP addresses that we

02:47.380 --> 02:48.130
find.

02:48.340 --> 02:52.330
And again, we can find this over at viz.greynoise

02:52.690 --> 02:54.820
.io. Thank you so much for watching.
