Hunt Platform Statistics Launch

Published on

Sep 19, 2023


The Power of the Hunt.io Platform

Today, we're providing some transparency on how our platform works. We've designed the Hunt.io platform from the ground up to find and monitor malicious infrastructure. Every piece of the design is meticulously assembled for scale and for finding and saving vectors that will be useful for isolating malicious activity now and in the future.

The platform is very powerful. It starts with a massive observation collection. We've launched a statistics page which allows you to see inside the platform to understand the current activities. Activities shift throughout the hour and are made available in real time to the platform. The data cluster saving all these metrics can save up to 1M observations per second in its current incarnation and can be expanded horizontally.

Platform Statistics Page Launch


1. Platform-wide observations per second is the sum of all the parts listed below.

2. Port scans found are ports that reply as being open. We are scanning segments of the entire internet very fast, and we are currently tuning the scanning cadence to see malicious activity.

3. Protocol detection is a custom protocol detector built to be fast and extensible. Later we can run it on every unknown port to find custom C2 protocols or other malicious signs.

4. HTTP pages are grabs of full HTML content.

5. SSH keys are public SSH keys, used to associate malicious activity and to look for tenant changes on a server.

6. JARM hashes are a large-scale collection of TLS fingerprints that give us an indication that a piece of software might be associated or malicious.

7. Parsed certificates are SSL certificates parsed to break out the identifying items in each certificate.
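
An added example, not Hunt.io's code, of the two uses item 5 names for collected SSH public keys: grouping hosts that present the same key, and flagging an IP whose key changes between scans (a possible tenant change). The observation tuples, key blobs and function names are constructed for illustration; fingerprints follow the OpenSSH SHA256 format.

```python
import base64
import hashlib
from collections import defaultdict


def sample_key(label):
    """Constructed placeholder for a base64 public-key blob (not a real key)."""
    return base64.b64encode(b"constructed-key-" + label).decode()


# Constructed observations: (ip, scan_day, base64 key blob). IPs are documentation ranges.
OBSERVATIONS = [
    ("192.0.2.10", 1, sample_key(b"A")),
    ("198.51.100.7", 1, sample_key(b"A")),   # same key as 192.0.2.10
    ("203.0.113.5", 1, sample_key(b"B")),
    ("192.0.2.10", 2, sample_key(b"A")),
    ("203.0.113.5", 2, sample_key(b"C")),    # key differs from day 1
]


def fingerprint(key_b64):
    """OpenSSH-style fingerprint: unpadded base64 of SHA-256 over the raw key blob."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def shared_keys(observations):
    """Map fingerprint -> sorted IPs, kept only where more than one IP presented the key."""
    hosts = defaultdict(set)
    for ip, _day, key in observations:
        hosts[fingerprint(key)].add(ip)
    return {fp: sorted(ips) for fp, ips in hosts.items() if len(ips) > 1}


def key_changes(observations):
    """List (ip, day, old_fp, new_fp) where an IP's key differs from its previous scan."""
    last, changes = {}, []
    for ip, day, key in sorted(observations, key=lambda o: (o[0], o[1])):
        fp = fingerprint(key)
        if ip in last and last[ip] != fp:
            changes.append((ip, day, last[ip], fp))
        last[ip] = fp
    return changes


if __name__ == "__main__":
    for fp, ips in shared_keys(OBSERVATIONS).items():
        print("shared key", fp, "->", ips)
    for ip, day, old, new in key_changes(OBSERVATIONS):
        print("key change on", ip, "at scan day", day, ":", old, "->", new)
```

A key change alone is only a lead: reinstalls and routine key rotation produce the same signal, so it is worth correlating with the other observation types before drawing conclusions.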

Approximate Platform wide Statistics

Having previously designed two large-scale real-time data systems for other projects, we wanted to build a horizontally scalable cluster for Hunt from day one. For hunting malicious infrastructure, every nuanced detail needs to be saved. The first iteration of the Hunt platform has the following hardware as of today:

  • 512 Physical Cores

  • 6TB of RAM

  • 280TB NVMe Storage

  • 20GbE networking between nodes

This allows us to store the following and scale horizontally as we need to:

  • 37.4 trillion data points right now

  • 1.5 million scheduled port probes per second

  • 300k port guesses per second

  • 10s of thousands of unique ports detected

  • 200 million certificates per day

  • 25 million unique certificates per day

  • 168 million service detections per day

  • 710 million unique open port/ip combos per day

  • 55 million JARMs per day

  • 60 million HTTP grabs per day

  • 34 million unique public SSH keys per day (13M RSA, 11.2M ED25519 and 10M ECDSA)

How to View Platform Statistics


From the Hunt Dashboard, look for the graph widget and click it to get to the Platform Wide statistics. If you don't have an account, apply for one now.
