Twitter | Search | |
GreyNoise
GreyNoise analyzes Internet background noise. Use GreyNoise to remove pointless security alerts, find compromised devices, or identify emerging threats.
258
Tweets
54
Following
13,859
Followers
Tweets
GreyNoise Oct 17
Per our latest funding round and an influx of new Enterprise customers, GreyNoise has expanded our collector network size by 300%. All users should expect a substantial increase in observed data and API users will notice an increase in hit ratio. This is effective immediately.
Reply Retweet Like
GreyNoise Sep 16
Replying to @GreyNoiseIO
The relevant GreyNoise tags are: "SSH Honeypot Detector" "Cobalt Strike SSH Client" Tags available to all users now.
Reply Retweet Like
GreyNoise Sep 16
Replying to @GreyNoiseIO
This tactic is interesting, because it is functionally identical to the methodology used frequently by threat intelligence vendors to preemptively fingerprint, identify, and block adversary command and control infrastructure.
Reply Retweet Like
GreyNoise Sep 16
Since May of this year, GreyNoise has observed an unknown actor quietly fingerprinting SSH honeypots on the Internet, exclusively through Tor. The actor is using Cobalt Strike's SSH client. This is likely being done to avoid threat intelligence vendors.
Reply Retweet Like
GreyNoise retweeted
GreyNoise Aug 4
GreyNoise is proud to announce a $4.8m investment lead by
Reply Retweet Like
GreyNoise Aug 4
GreyNoise is proud to announce a $4.8m investment lead by
Reply Retweet Like
GreyNoise Jul 10
Reply Retweet Like
GreyNoise Jul 6
GreyNoise is observing "vuln check probes" and active opportunistic exploitation of the recent F5 RCE vulnerability CVE-2020-5902 from multiple devices. Tags are available for all users now. tags:"F5 BIG-IP TMUI RCE" tags:"F5 BIG-IP TMUI RCE Vuln Check"
Reply Retweet Like
GreyNoise May 22
Announcing the GreyNoise Analysis page. Submit unstructured logs or lists of IPs via file upload or clipboard copy/paste, quickly enrich thousands of lines, and browse results to identify noise status, classification, and actors. This feature is available to all free users now.
Reply Retweet Like
GreyNoise May 14
Replying to @GreyNoiseIO
Use code "GREYNOISEROCKS" for a $5 credit for Spur's new API offering.
Reply Retweet Like
GreyNoise May 14
GreyNoise now provides VPN gateway details for IPs affiliated with commercial VPN providers, represented in the visualizer as a VPN badge and the full VPN service provider in the IP view. Data is provided in partnership with Spur Intelligence. This is available to all users now.
Reply Retweet Like
GreyNoise Apr 23
Replying to @GreyNoiseIO
Free users receive notifications within one day, Enterprise customers receive notifications in real-time. Support for webhook, Slack notifications, data export attachments, and SIEM integration coming soon. Access the feature here:
Reply Retweet Like
GreyNoise Apr 23
Announcing GreyNoise Alerts. Create a free account, enter the IP ranges that belong to your organization. If GreyNoise observes any devices within those ranges become compromised or start scanning the Internet, we send you an email. This beta feature is available to all users now
Reply Retweet Like
GreyNoise Mar 30
GreyNoise now exposes which CVEs devices are probing for or exploiting, and exposes whether the activity being observed by the device is "spoofable" or not (completed valid TCP three-way-handshake). Updates are live for all users now.
Reply Retweet Like
GreyNoise Mar 26
We are rolling out support for GNQL CVE autocomplete next week in the GreyNoise web interface. Identify devices probing the Internet for for or opportunistically exploiting 83 unique CVEs and counting. This will be available to all users, free, next week.
Reply Retweet Like
GreyNoise Mar 23
GreyNoise is observing malicious actors attempting to "spoof" benign tags by crawling and exploiting systems on the Internet using the user agents of legitimate security companies and search engine/SEO bots, such as the attached device. Please be advised.
Reply Retweet Like
GreyNoise Mar 13
GreyNoise is observing ~300 devices probing the Internet for devices vulnerable to Windows SMB CVE-2020-0796 (SMBGhost). The majority of the probes are originating from a hosting provider in Germany. Tags are available to all users now.
Reply Retweet Like
GreyNoise Feb 20
GreyNoise now allows all free/paid users to filter Internet scan data by whether or not the activity was "spoofable" (completed TCP three-way-handshakes) via GNQL (visualizer, API). Additionally, all Enterprise customers can now export data to JSON/CSV with one click
Reply Retweet Like
GreyNoise Jan 16
We are observing ~50 non-benign devices opportunistically crawling the Internet for or exploiting Citrix CVE-2019-19781 cve:CVE-2019-19781 -classification:benign
Reply Retweet Like
GreyNoise Jan 10
GreyNoise is tagging Citrix Netscaler CVE-2019-19781. Additionally, effective tonight, GNQL now supports searching by CVE. Use the following GNQL query to identify non-benign devices opportunistically exploiting this vulnerability. cve:cve-2019-19781 -classification:benign
Reply Retweet Like