Embarking on a threat hunting mission is often akin to searching for a needle in a digital haystack—especially when no confirmed Indicator of Compromise (IOC) exists. Researchers and security professionals usually start with a vast array of potential targets, leveraging their knowledge of threat actor tactics and previously targeted systems within their industry.
A pragmatic yet powerful approach involves starting with a geographic focus. Geography can significantly narrow down the investigation, transforming the overwhelming expanse of global internet infrastructure into a manageable field relevant to your threat-hunting objectives. For example, our investigation into Russian ransomware began by using Russia as an initial search filter, with the thought that starting there could help us identify C2 infrastructure. (Spoiler: We did!)
Within Censys Search, users can easily refine their search by geographic parameters using simple syntax like location.country: "United States" or more detailed queries combining city and country, such as location.country: "United States" and location.city: "Philadelphia". Below, you’ll find a comprehensive list of location parameters you can use to enhance your query.
However, your geolocation interests may not always align perfectly with these options. Or, you may not have relevant information on hand, like coordinate ranges. Sometimes, the goal is to survey a broader region—like the Eastern Seaboard of the United States—without zeroing in on specific states or counties. This approach is ideal when you’re initially more interested in identifying overarching trends and anomalies. Alternatively, your geolocation interest may be more specific than what the “location.city” syntax returns.
This is where the innovative Map to Censys Beta feature in the Censys Search Workshop comes into play, eliminating the need for initial queries.
Here’s how to leverage this powerful tool:
Intuitive Searching with Map to Censys Beta
- Access: Navigate from the Censys Search home page to the Search Workshop and select “Map to Censys Beta.”
- Interactive Mapping: Upon selection, a world map appears. You can zoom in to continents or drill down to townships and streets. To define your search area, use the rectangle tool from the toolbar to draw a region. For instance, draw over the Eastern Seaboard to capture a broad yet significant area.
- Edit and Refine: Adjust the shape of your drawn rectangle with the pencil tool to fit the exact geographical outline you need.
- Search and Analyze: Once your area is highlighted, click “Open in Search.” A new tab will display all hosts in your selected region, offering a granular view of potential threats and anomalies.
Multi-Regional Searches and Additional Views
Map to Censys Beta isn’t just for single-region searches. You can select multiple areas and view aggregated data for all selected regions. To remove an area, simply use the trash can icon. For a different perspective, switch between various display filters like the Esri World Imagery for satellite visuals or OPNVKarte for public transport routes. These filters provide valuable context that can aid in precision during highly detailed investigations.
A Map to Censys Beta view with multiple geographic areas selected.
A Map to Censys Beta view with Esri World Imagery and Open Railways filters applied.
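For hunts that need to be repeatable outside the map UI, the same rectangle-based filtering can be scripted. The following is an added example, not Censys code or the tool's actual output: it assumes the host fields location.coordinates.latitude and location.coordinates.longitude and the [a to b] range syntax, and the Box type, function names and sample coordinates are hypothetical and constructed here.

```python
from dataclasses import dataclass

# Field names and [a to b] range syntax are assumptions about Censys Search.
LAT = "location.coordinates.latitude"
LON = "location.coordinates.longitude"

@dataclass(frozen=True)
class Box:
    """One drawn rectangle, in decimal degrees (hypothetical helper type)."""
    south: float
    north: float
    west: float
    east: float

    def __post_init__(self):
        if not -90 <= self.south < self.north <= 90:
            raise ValueError(f"bad latitude span {self.south}..{self.north}")
        if not all(-180 <= lon <= 180 for lon in (self.west, self.east)):
            raise ValueError("longitude must be within -180..180")
        if self.west == self.east:
            raise ValueError("rectangle has zero width")

def _span(field, lo, hi):
    return f"{field}: [{lo:.4f} to {hi:.4f}]"

def box_query(box):
    """Query clause matching hosts geolocated inside one rectangle."""
    lat = _span(LAT, box.south, box.north)
    if box.west < box.east:
        lon = _span(LON, box.west, box.east)
    else:
        # West edge lies east of the east edge: the box crosses the
        # antimeridian, so longitude becomes two spans joined with "or".
        lon = f"({_span(LON, box.west, 180)} or {_span(LON, -180, box.east)})"
    return f"({lat} and {lon})"

def regions_query(boxes, extra=None):
    """OR several rectangles together, optionally AND-ing one more filter."""
    if not boxes:
        raise ValueError("need at least one rectangle")
    geo = " or ".join(box_query(b) for b in boxes)
    if len(boxes) > 1:
        geo = f"({geo})"
    return f"{geo} and {extra}" if extra else geo

# Constructed sample: a rough Eastern Seaboard box, narrowed to US hosts so
# hosts in neighbouring countries inside the rectangle drop out.
SEABOARD = Box(south=25.0, north=47.0, west=-82.0, east=-66.0)
if __name__ == "__main__":
    print(regions_query([SEABOARD], extra='location.country: "United States"'))
```

Host coordinates come from IP geolocation, so treat a rectangle as a coarse filter for narrowing results rather than a precise physical boundary.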
Bringing the Censys Internet Map to Life
Map to Censys Beta transforms the traditional approach to searching with geolocation by offering a more intuitive and streamlined exploration of the internet landscape. It enhances Censys’ Internet Intelligence Platform, making it an indispensable asset for threat hunting and attack surface management.
Experience the power of searching with geospatial flexibility and precision. Try Map to Censys Beta today!