
Introducing urlscan dot io (for Security+ & CySA+)

BrianFord

Well-known member
  • Jun 26, 2023
    Fellow Instructors,

    In Security+ and again in CySA+ (and CASP+) students need to understand how the www works. I often use VirusTotal dot com to briefly demo how to investigate suspect URLs and files. I found another web-based (free to use) tool that helps explain more. That's urlscan dot io. I should provide a hat tip to some of my SOC colleagues from LinkedIn who have been pointing at this for a few weeks.

    urlscan.jpg
    A user submits a URL and urlscan goes off and scans the site. I chose to scan comptia.org.

    Comptia_http.jpg
    The scan returns info about the site and HTTP transactions (with associated response codes). Note CompTIA dot org is being served (to me) via an IPv6 address in the USA. You can show all of the elements that make up a web page. You can show the site certificates and check their expiration. Another great capability is to show the DOM scripts served from the site to the client browser.

    Comptia_DOM.jpg

    Warning: Make sure that you scan the site in advance and develop your own 'script' about which fields you are going to share with students. There is a ton of info here and you want to avoid having students asking about each and every field.

    That said, I was able to turn this into a short (less than 10 minutes) demo that graphically links different concepts important to the course.

    Enjoy!

    Brian
     
    Thanks Brian
     
    One of my favorite demos that I've been using for a very long time is going to shodan.io and searching the term:
    in-tank

    The result this morning was the identification of 4,521 "results" (3,556 in the US), with many of those results showing fuel levels in tanks along with other information.

    Should the public have access to this information?
     


    I like it! Thanks for sharing!