ThreatNG Threat and Risk Analysis [TaR]
A new cost-effective approach to digital risk and attack surface management. Your organization spent a chunk of the operating budget on siloed solutions for addressing security and risk across multiple departments but still has to dedicate many hours (if not weeks) to develop a clear picture of your threat and risk posture. Here’s why:
What is the Technical Attack Surface?
The Technical Attack Surface (currently popularized as the External Attack Surface) references all publicly available data that is revelatory about an organization's IT infrastructure, services, and applications.
OSINT Top Ten: Number 1 - Domain Information
Coming in at number one of our OSINT Top Ten is Domain Information which includes all Domains, Subdomains, Certificates, Emails, and Permutations/Look-Alikes (Company Names, Domains, and Emails).
OSINT Top Ten: Number 2 - Social Media
It is essential to monitor what is broadcasted on social media for compliant branding, instances of malicious/negative sentiment, and for the appropriate level of information sharing.
OSINT Top Ten: Number 3 - Sensitive Code Exposure
Online code repositories such as GitHub have grown to become standard solutions for version control and source code management. These solutions have proven to be easy-to-use but also prone to misconfigurations leading to the exposure of sensitive information (specifically sensitive code).
OSINT Top Ten: Number 4 - Search Engine Exploitation
Today we'll be talking about robots and dorks because at Number Four of the Open Source Intelligence Top Ten (aka OSINT Top Ten) is Search Engine Exploitation.
OSINT Top Ten: Number 5 - Cloud Exposure
It is important to examine “The Cloud” (especially vendor offerings like Amazon AWS, Google Cloud Platform, and Microsoft Azure) for anything that can be linked directly to your organization, brand, and offerings: key individuals, locations, domains, products, services, and project names.
OSINT Top Ten: Number 6 - Online Text Sharing Repositories
More commonly known as "paste sites," these online sharing repositories make it easy to share text from anywhere to anyone.
OSINT Top Ten: Number 7 - Sentiment and Financials
Monitoring and managing how your organization is presented online and perceived in public digital spaces is an integral part of threat management.
OSINT Top Ten: Number 8 - Archived Web Pages
Mismanagement or turning a blind eye to this vital part of an organization's digital presence can lead to brand damage, data leaks, or even possible persistent/ongoing attacks against existing live assets.
OSINT Top Ten: Number 9 - Dark Web
Is it true that one can only find dark Elves on the dark web? False, the dark elves we've seen are only in the Marvel Cinematic Universe. But there is information on the dark web that does not exist anywhere else.
OSINT Top Ten: Number 10 - Technology Stack
Your technology stack can give away more than you would think. From this alone, anyone can gain knowledge and insight into the inner workings of your organization.
OSINT Top 10
The results from our poll of open source intelligence (OSINT) sources are in, and we have our top ten. Check it out!
Open Source Intelligence (OSINT)
OSINT can facilitate research, competitive intelligence, general information, and even IT Security.
DarcSight: Data Aggregation Reconnaissance Crew for Secure Information Gathering of Holistic Threats
DarcSight Labs is the research and development division of ThreatNG