2 thoughts on “An Ongoing Attack – Attacker Metadata Information”

  1. Chris,
    I’ve been using JustMetaData for a short time and had a question regarding the shared keys information. What information or intelligence (beyond the obvious) do you foresee being able to garner from the fact that multiple IPs share the same HTTPS public key?

    So far, I think this tool has been quite useful!

    • My thought process on that is if you identify systems using the same HTTPS Certificate, or SSH key, or both, that you could hypothesize that they might be admined by the same person/group, even if distributed geographically. It’s trying to identify relationships/similarities across different systems over a large data set that might not otherwise be obvious.
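The relationship-finding idea in the reply above, as an added example that is not part of the original comments and not Just-Metadata's own code: it clusters hosts that share an HTTPS certificate, an SSH host key, or both, linking them transitively. The records, fingerprints and the `cluster_by_shared_keys` name are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample records (not real hosts): IP, HTTPS cert fingerprint,
# SSH host-key fingerprint, country. None means the service was not observed.
RECORDS = [
    ("192.0.2.10",    "cert:aa11", "ssh:01ff", "US"),
    ("198.51.100.7",  "cert:aa11", None,       "DE"),
    ("203.0.113.44",  "cert:bb22", "ssh:01ff", "SG"),
    ("192.0.2.99",    "cert:cc33", "ssh:7e7e", "US"),
    ("198.51.100.23", None,        "ssh:9a9a", "FR"),
    ("203.0.113.5",   "cert:dd44", "ssh:9a9a", "FR"),
]

def cluster_by_shared_keys(records):
    """Group IPs linked directly or transitively by a shared cert or SSH key."""
    parent = {ip: ip for ip, *_ in records}

    def find(x):
        # Union-find root lookup with path halving.
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    first_seen = {}  # fingerprint -> first IP observed presenting it
    for ip, cert, ssh, _ in records:
        for fp in (cert, ssh):
            if fp is None:
                continue
            if fp in first_seen:
                parent[find(ip)] = find(first_seen[fp])  # same key: merge
            else:
                first_seen[fp] = ip

    groups = defaultdict(list)
    for ip, _, _, country in records:
        groups[find(ip)].append((ip, country))
    # Only clusters of two or more hosts say anything about shared control.
    clusters = [
        {"ips": sorted(ip for ip, _ in m), "countries": sorted({c for _, c in m})}
        for m in groups.values() if len(m) > 1
    ]
    return sorted(clusters, key=lambda c: c["ips"])

if __name__ == "__main__":
    for c in cluster_by_shared_keys(RECORDS):
        print(c["ips"], "countries:", c["countries"])
```

In the sample, 198.51.100.7 and 203.0.113.44 share no key with each other but land in one cluster through 192.0.2.10, across three countries. A shared key is a hypothesis to check, since CDN certificates and default appliance or image keys also produce matches.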
