Domain Connectivity Analysis Tool In Python

DomainCAT (Domain Connectivity Analysis Tool)

“See Connections Between Domains Right Meow”

The Domain Connectivity Analysis Tool is used to analyze aggregate connectivity patterns across a set of domains during security investigations.

This project was a collaborative effort between myself and Matthew Pahl.

Introduction

When analyzing pivots during threat hunting, most people approach it from the perspective of “what can a single
pivot tell you?” But actors often set their domains up to use commodity hosting infrastructure, so the number of
entities associated with a given pivot is so large that it doesn’t really give you any useful information.

This is where DomainCAT can help. Actors make decisions around domain registration and hosting options when setting
up their malicious infrastructure. These can be considered behavioral choices.