15. Available Tools
UrlCrazy
Andrew Horton - @urbanadventur3r
http://www.morningstarsecurity.com/research/urlcrazy
dnstwist
Marcin Ulikowski - @elceef
https://github.com/elceef/dnstwist
18. Preventative Measures
Block in web proxy
Blackhole DNS
Increase monitoring
Proxy logs
email containing links to these domains
Client DNS queries
19. + and -
Will find some variations, like we11point.com
prennera.com not originally detected - dnstwist supported - 9/16
careflrst.com detected, caref1st.com wasn’t originally. dnstwist
support added 9/16
20. + and -
Will not detect things like service-paypal.com
Does not protect external users / customers
Unless you pursue domain seizure under WIPO UDRP
or US Anticybersquatting Consumer Protection Act
https://www.icann.org/en/system/files/files/guidance-
domain-seizures-07mar12-en.pdf