Microsoft bought RiskIQ, screwed it up a bit, and then cancelled it outright at the end of 2024. I was heartbroken.
But the other day one of the Maltego guys whispered Silent Push to me, and while it’s not as broad as RiskIQ (yet) it does have a lot of great features, and there’s an excellent Community Edition.
When I added FreelanceTracker.ai to ChewToys it was one of the first investigations like that I did without having RiskIQ handy, and it’s the best thing to revisit with this new tool.
Attention Conservation Notice:
Technical investigation tradecraft. If you’re wanting to break into this area, come on in, you’re going to like Silent Push.
Silent Push:
You have to sign up using a work email, no Gmail, no Proton, but once you jump through that hoop they’ll set you up with a Community Edition login. This is what you see, a very RiskIQ-like dashboard.
The tools on the left are:
Data Export - not for you, groundling.
Threat Intelligence Management - also forbidden, pleb.
Web Data - you can get a big report with hashes, wish it got the martech too.
WHOIS Data - hunt for stuff on domain registration, alas crippled by GDPR.
Attack Surface Mapping - look for gaps, seems defender oriented.
Brand Impersonation - again, not for joyriders.
Query History - search history for paying subscribers.
Monitors - paying subscribers can set a watch on things.
Advanced Query Builder - a wonderland, if you know what you’re doing.
I started poking around with the Quick Search and landed on an IP that had been used by FreelanceTracker[.]ai before they hid behind Cloudflare. One of the things I noticed is that there is a ninety day limit on the back trail. Maybe that’s a Community Edition constraint, maybe it’s because this is a corporate defender’s tool, but RiskIQ’s reports would go back a decade or more for some aspects of a domain.
So this is nice, you can see what happened, when it happened, and some fellow traveler data. This is how you unravel complex schemes, one clue at a time.
Assessment:
A lot of things are paywalled, but fully evaluating Silent Push will be tricky, because there are wonders within the Advanced Query Builder, but you need to know what you are doing to get much benefit from this. The dashboards in RiskIQ were an education in how to pivot and threat hunt; SP feels a lot less slick, at least in the Community Edition format.
There’s much less history available. The domain that hosts this Substack, rauhauser.net, is twenty-two years old. RiskIQ could see embarrassing things I did twenty years ago; SP only sees back to 2020. Again, this might be a Community Edition constraint; keep in mind this exists to draw in potential customers.
There is no Maltego transform for Silent Push and as a Community Edition user there’s no API access, so you can’t roll your own. Given that I heard about this company from someone at Maltego, I’m crossing my fingers that this will change. Maltego and a web interface are excellent companions - RiskIQ used to do this, BuiltWith still does. You always want both, once you’ve experienced a system that does things this way.
Conclusion:
Silent Push isn’t a full tilt replacement for what I did with RiskIQ, but it does cover a lot of ground. While their Community Edition is generous by the standards of the genre, one of the reasons I liked RiskIQ is that they gave nonprofits an all you can eat plan. The lack of both API access and a Maltego transform set are problematic, but I get the feeling the latter is going to resolve before too long.
I am going to see if I can wiggle my way into at least an evaluation of their Professional Plan. The monthly access is just double what Community Edition provides, but gaining use of the more advanced features will let me write a much broader evaluation.
I’m going to ask if they plan to ever add martech data as a tracked attribute, and I want to know how soon they’ll be offering an MCP interface. Then I’ll cross my fingers and probe to see if they’ve got a soft spot for disinformation hunters.