Credential Discovery
Credential Discovery in cybersecurity refers to identifying and locating valid authentication credentials within an organization's systems and environment. These credentials can include:
Usernames
Passwords
API keys
Tokens
Certificates
Attackers often use credential discovery techniques to gain unauthorized access to systems, data, and accounts. Once they obtain valid credentials, they can impersonate legitimate users, move laterally within a network, and carry out malicious activities.
ThreatNG aids in credential discovery in the following manner:
External Discovery: ThreatNG's external discovery capabilities help identify potential sources of exposed credentials. For example, it discovers public code repositories and online sharing platforms where credentials might be unintentionally published.
External Assessment: ThreatNG assesses various sources for exposed credentials:
Dark Web Presence: ThreatNG monitors the dark web for compromised credentials.
Code Repository Exposure: ThreatNG discovers code repositories and investigates their contents for various types of credentials, including:
Access Credentials (API Keys, Access Tokens)
Generic Credentials (usernames and passwords)
Cloud Credentials (AWS credentials)
Security Credentials (cryptographic keys)
Mobile App Exposure: ThreatNG discovers mobile apps and analyzes them for the presence of:
Authentication/Authorization Tokens & Keys
Authentication Credentials (usernames, passwords, OAuth credentials)
Service Account/Key Files
Private Keys (Cryptography)
Online Sharing Exposure: ThreatNG searches online code-sharing platforms for content associated with the organization's entities.
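As an added illustration of the kind of check the Code Repository Exposure assessment above performs, the following Python scanner classifies hits in a constructed file into the four credential categories listed there; it is example code, not ThreatNG's detection logic, and the patterns, the Finding type and the sample contents are assumptions of this example.

```python
import re
from typing import NamedTuple

# One heuristic pattern per credential category from the list above. The AWS
# access key ID shape (AKIA/ASIA + 16 uppercase alphanumerics) and the PEM
# private key header are public formats; the other two are assumptions.
PATTERNS = {
    "cloud_credential": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "security_credential": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "access_credential": re.compile(
        r"(?:api[_-]?key|access[_-]?token|secret[_-]?key)\b\s*[:=]\s*['\"]([A-Za-z0-9_\-]{16,})['\"]",
        re.IGNORECASE),
    "generic_credential": re.compile(
        r"(?:passw(?:or)?d|pwd)\b\s*[:=]\s*['\"]([^'\"]{4,})['\"]", re.IGNORECASE),
}


class Finding(NamedTuple):
    line_no: int
    category: str
    evidence: str  # redacted, so the report never republishes the secret


def redact(secret: str) -> str:
    """Keep the first four characters as evidence and mask the rest."""
    return secret[:4] + "*" * (len(secret) - 4) if len(secret) > 4 else "****"


def scan_text(text: str) -> list[Finding]:
    """Scan repository file contents line by line and classify every hit."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for category, pattern in PATTERNS.items():
            for match in pattern.finditer(line):
                secret = match.group(1) if match.groups() else match.group(0)
                findings.append(Finding(line_no, category, redact(secret)))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per category for a report-style overview."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.category] = counts.get(f.category, 0) + 1
    return counts


# Constructed sample file: the AWS key is Amazon's documented example key and
# the other values are placeholders; none of them is a real secret.
SAMPLE = """\
# config.py (constructed sample)
AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
api_key = "sk_live_0123456789abcdefXYZ"
db_password = "hunter2-placeholder"
debug = True
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAexampleplaceholder
"""

if __name__ == "__main__":
    for finding in scan_text(SAMPLE):
        print(f"line {finding.line_no}: {finding.category} ({finding.evidence})")
```

On the sample above the scanner reports one hit per category on lines 2, 3, 4 and 6, with each value redacted after its first four characters.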
Reporting: ThreatNG provides reports that can include findings related to exposed credentials, giving organizations visibility into potential credential compromise.
Continuous Monitoring: ThreatNG monitors sources like the dark web and code repositories for new exposures, including compromised credentials. This ongoing monitoring helps organizations stay informed about potential credential risks.
Investigation Modules: ThreatNG's investigation modules, such as the Code Repository Exposure and Dark Web Presence modules, are crucial for credential discovery:
Code Repository Exposure: This module actively searches for and identifies exposed credentials within code repositories.
Dark Web Presence: This module discovers dark web mentions of people, places, or things related to the organization, along with any associated compromised credentials.
Intelligence Repositories: ThreatNG's intelligence repositories include data on compromised credentials found on the dark web and other sources. These repositories provide valuable context and help identify known credential exposures.
Works with Complementary Solutions: ThreatNG's credential discovery capabilities can be integrated with other security tools and processes. For example:
Findings on exposed credentials can be fed into Identity and Access Management (IAM) systems to enforce password resets or multi-factor authentication.
Credentials discovered by ThreatNG can be used to enrich threat intelligence platforms and Security Information and Event Management (SIEM) systems.
Examples of ThreatNG Helping:
ThreatNG can discover exposed API keys in a public code repository, allowing an organization to revoke them and prevent unauthorized access to its services.
ThreatNG can identify compromised employee credentials on the dark web, enabling the organization to take proactive steps to secure those accounts and prevent potential account takeovers.
ThreatNG can detect exposed credentials within mobile apps, prompting the organization to update the app and remove the hardcoded credentials.
Examples of ThreatNG Working with Complementary Solutions:
Compromised credentials discovered by ThreatNG can be used to trigger automated password resets in a company's Active Directory.
Information on exposed credentials can be shared with a SIEM system to correlate with other security events and detect potential malicious activity.