Exposure analysis services are an effective tool to collect map the attack surface of your company, executives or family members. By utilising Open Source Intelligence (OSINT) gathering and technical enumeration techniques, our operatives are able to collect the same information information and technical data an adversary would. Through correlation of this collected information, we aim to map your digital exposure and identifying eminent risks. By applying an adversarial hacker mindset, we are able to identify information that may otherwise go unnoticed. With our deeply rooted technical approach, this service forms an effective addition to our Digital investigations. These services can be performed either covertly or overtly.
Explosure analysis may include:
-
Online identification : Attempt to map the targeted individual or business onto specific social media, email and messaging accounts including: LinkedIn, Facebook, Twitter, Clubhouse, TikTok, Telegram, WhatsApp and Google services.
-
System identification: When targeting a business, it is likely they have servers exposed to the internet. During this phase it is attempted to identify Internet facing systems owned and operated by the target. As these systems are also likely to be targeted by adversaries.
-
Leaked credentials: Online services are breached on a daily basis, if such breach occurs often credentials of the users are leaked. These credentials may be re-used by adversaries to compromised accounts. By actively searching for this information, the information can be identified before an attacker abuses it.
-
Exposed services: Once the Internet facing systems are identified, they are actively scanned to identify exposed services. Service inadvertedly exposed, using outdated software or that are misconfigured may be exploited by adveraries to gain access to those systems.
-
System abuse: By searching underground forums and Internet scanners, systems that may have already been compromised by adversaries can be identified.
These activities are performed non-invasively by default, but can also be performed intrusively. With the latter collected information and identified vulnerabilities will be actively exploited in order to gain access to systems and information.
Contact us for an initial conversation to discuss your Exposure analysis requirements.