Hunt Platform Statistics Launch
Published on
Published on
Published on
Sep 19, 2023
Sep 19, 2023
Sep 19, 2023
The Power of the Hunt.io Platform
Today, we're providing some transparency on how our platform works. We've designed the Hunt.io platform from the ground up to find and monitor malicious infrastructure. Every piece of the design is meticulously assembled for scale and for finding and saving vectors that will be useful for isolating malicious activity now and in the future.
The platform is very powerful. It starts with a massive observation collection. We've launched a statistics page which allows you to see inside the platform to understand the current activities. Activities shift throughout the hour and are made available in real time to the platform. The data cluster saving all these metrics can save up to 1M observations per second in its current incarnation and can be expanded horizontally.
Platform Statistics Page Launch
1 Platform wide observations per second is the sum of all the parts listed below.
2 Port Scans found are ports that reply as being open. We are scanning segments of the entire internet very fast. We are currently tweaking and tuning scanning cadence to see malicious activity.
3 Protocol detection is a custom protocol detector that's made to be fast and extensible. Later we can use it to find custom C2 protocols or other malicious signs running it on every unknown port.
4 HTTP pages are grabs of full HTML content.
5 SSH keys are public SSH keys used to associate malicious activity and look for tenant change on a server.
6 JARM hashes are a large scale collection of TLS fingerprints to give us an idea that a piece of software might be associated or malicious.
7 Parsed certificates are parsed SSL certificates to break out identifying items in each certificate.
Approximate Platform wide Statistics
Previously designing 2 large scale real time data systems for other projects, for Hunt we wanted to build a horizontally scalable cluster from day one. For hunting malicious infrastructure every nuanced detail needs to be saved. Our first iteration of the Hunt platform has the following hardware as of today:
512 Physical Cores
6TB of RAM
280TB NVMe Storage
20gbe networking between nodes
This allows us to store the following and scale horizontally as we need to:
37.4 trillion data points right now
1.5 million scheduled port probes per second
300k port guesses per second
10s of thousands of unique ports detected
200 million certificates per day
25 million unique certificates per day
168 million service detections per day
710 million unique open port/ip combos per day
55 million JARMS per day
60 million HTTP grabs per day
34 million unique public ssh keys per day (13M RSA, 11.2M ED25519 and 10M ECDSA)
How to View Platform Statistics
From the Hunt Dashboard look for the graph widget and click it to get to the Platform Wide. If you don't have an account, apply for one now.
The Power of the Hunt.io Platform
Today, we're providing some transparency on how our platform works. We've designed the Hunt.io platform from the ground up to find and monitor malicious infrastructure. Every piece of the design is meticulously assembled for scale and for finding and saving vectors that will be useful for isolating malicious activity now and in the future.
The platform is very powerful. It starts with a massive observation collection. We've launched a statistics page which allows you to see inside the platform to understand the current activities. Activities shift throughout the hour and are made available in real time to the platform. The data cluster saving all these metrics can save up to 1M observations per second in its current incarnation and can be expanded horizontally.
Platform Statistics Page Launch
1 Platform wide observations per second is the sum of all the parts listed below.
2 Port Scans found are ports that reply as being open. We are scanning segments of the entire internet very fast. We are currently tweaking and tuning scanning cadence to see malicious activity.
3 Protocol detection is a custom protocol detector that's made to be fast and extensible. Later we can use it to find custom C2 protocols or other malicious signs running it on every unknown port.
4 HTTP pages are grabs of full HTML content.
5 SSH keys are public SSH keys used to associate malicious activity and look for tenant change on a server.
6 JARM hashes are a large scale collection of TLS fingerprints to give us an idea that a piece of software might be associated or malicious.
7 Parsed certificates are parsed SSL certificates to break out identifying items in each certificate.
Approximate Platform wide Statistics
Previously designing 2 large scale real time data systems for other projects, for Hunt we wanted to build a horizontally scalable cluster from day one. For hunting malicious infrastructure every nuanced detail needs to be saved. Our first iteration of the Hunt platform has the following hardware as of today:
512 Physical Cores
6TB of RAM
280TB NVMe Storage
20gbe networking between nodes
This allows us to store the following and scale horizontally as we need to:
37.4 trillion data points right now
1.5 million scheduled port probes per second
300k port guesses per second
10s of thousands of unique ports detected
200 million certificates per day
25 million unique certificates per day
168 million service detections per day
710 million unique open port/ip combos per day
55 million JARMS per day
60 million HTTP grabs per day
34 million unique public ssh keys per day (13M RSA, 11.2M ED25519 and 10M ECDSA)
How to View Platform Statistics
From the Hunt Dashboard look for the graph widget and click it to get to the Platform Wide. If you don't have an account, apply for one now.
Related Posts:
Learn how a Russian-speaking threat actor has evolved from impersonating EFF to now deploying Cloudflare-themed phishing with Telegram-based C2.
Learn how a Russian-speaking threat actor has evolved from impersonating EFF to now deploying Cloudflare-themed phishing with Telegram-based C2.
Explore exposed infrastructure with URLx: 10.6B+ URLs, HTTPx integration, and advanced filtering - now live in Hunt.io.
Explore exposed infrastructure with URLx: 10.6B+ URLs, HTTPx integration, and advanced filtering - now live in Hunt.io.
Learn how to track and map adversary infrastructure using Hunt, pivoting from a single IP to uncover hidden connections through infrastructure overlaps and key intelligence indicators.
Learn how to track and map adversary infrastructure using Hunt, pivoting from a single IP to uncover hidden connections through infrastructure overlaps and key intelligence indicators.
Track threat actors and malicious infrastructure with Hunt.io’s IOC Hunter Feed and C2 Attribution. Get deeper visibility and context for better threat intelligence.
Track threat actors and malicious infrastructure with Hunt.io’s IOC Hunter Feed and C2 Attribution. Get deeper visibility and context for better threat intelligence.
Learn how a Russian-speaking threat actor has evolved from impersonating EFF to now deploying Cloudflare-themed phishing with Telegram-based C2.
Explore exposed infrastructure with URLx: 10.6B+ URLs, HTTPx integration, and advanced filtering - now live in Hunt.io.
Hunt Intelligence, Inc.
Hunt Intelligence, Inc.
Hunt Intelligence, Inc.