Using Haversine to Detect Stolen Credentials and Querying Who Stole Them with nInfo
How can you find stolen credentials more proactively? With a little math (already programmed) and free geolocation data, your access logs can be used to determine the feasibility of logins from two different geographic locations within a specified period. Tools like nInfo can then help identify who's using those compromised accounts. A plugin-based information gathering system, nInfo is a Google-like "get info" tool for querying multiple systems for an IP, MAC address, or username to collect information. It's a command line tool, a reusable library, and a web interface. Plugins for nInfo can be written to grab data from any internal or external system.
* See how IP-based geolocation data can proactively detect compromised accounts using Haversine
* Learn about a nicer way to query multiple data sources using nInfo
* Learn how to get nInfo set up at your organization and how to write custom plugins
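The login-feasibility check described above, as an added example that is not code from the talk or from nInfo: it applies the Haversine formula to consecutive logins per user and flags pairs whose implied travel speed is implausible. The record layout, the 900 km/h and 100 km thresholds, and the sample events are assumptions made for this sketch.

```python
import math
from datetime import datetime

EARTH_RADIUS_KM = 6371.0088  # mean Earth radius
MAX_SPEED_KMH = 900.0        # assumed threshold: roughly airliner cruise speed
MIN_DISTANCE_KM = 100.0      # assumed slack for coarse IP geolocation

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points given in decimal degrees."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlam = math.radians(lon2 - lon1)
    a = (math.sin((p2 - p1) / 2) ** 2
         + math.cos(p1) * math.cos(p2) * math.sin(dlam / 2) ** 2)
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(min(1.0, a)))

def infeasible_logins(events):
    """Return (user, earlier_ip, later_ip, km, kmh) for consecutive logins
    by the same user that would require travelling faster than MAX_SPEED_KMH."""
    last, findings = {}, []
    for ev in sorted(events, key=lambda e: e["time"]):
        prev, last[ev["user"]] = last.get(ev["user"]), ev
        if prev is None or prev["ip"] == ev["ip"]:
            continue
        km = haversine_km(prev["lat"], prev["lon"], ev["lat"], ev["lon"])
        if km < MIN_DISTANCE_KM:
            continue  # within geolocation error, not worth alerting on
        hours = (ev["time"] - prev["time"]).total_seconds() / 3600
        kmh = km / hours if hours > 0 else float("inf")
        if kmh > MAX_SPEED_KMH:
            findings.append((ev["user"], prev["ip"], ev["ip"], round(km), kmh))
    return findings

def _t(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M")

# Constructed sample: access-log entries already joined with geolocation data
# (documentation IP ranges; coordinates are approximate city centres).
SAMPLE = [
    {"user": "alice", "time": _t("2024-03-01 09:00"), "ip": "192.0.2.10",   "lat": 40.71, "lon": -74.01},  # New York
    {"user": "alice", "time": _t("2024-03-01 10:30"), "ip": "198.51.100.7", "lat": 55.76, "lon": 37.62},   # Moscow
    {"user": "bob",   "time": _t("2024-03-01 08:00"), "ip": "192.0.2.44",   "lat": 41.88, "lon": -87.63},  # Chicago
    {"user": "bob",   "time": _t("2024-03-02 08:00"), "ip": "203.0.113.9",  "lat": 51.51, "lon": -0.13},   # London
    {"user": "carol", "time": _t("2024-03-01 09:00"), "ip": "192.0.2.80",   "lat": 40.71, "lon": -74.01},  # New York
    {"user": "carol", "time": _t("2024-03-01 09:05"), "ip": "192.0.2.81",   "lat": 40.73, "lon": -73.99},  # New York
]

if __name__ == "__main__":
    for user, ip_a, ip_b, km, kmh in infeasible_logins(SAMPLE):
        print(f"{user}: {ip_a} -> {ip_b}, {km} km at {kmh:.0f} km/h")
```

A flagged pair is a lead rather than proof of compromise: VPN egress points, mobile carrier routing and stale geolocation records all produce the same pattern, so each hit still needs to be checked against other data sources.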