Credential Discovery


Credential Discovery in cybersecurity refers to identifying and locating valid authentication credentials within an organization's systems and environment. These credentials can include:

  • Usernames

  • Passwords

  • API keys

  • Tokens

  • Certificates

Attackers often use credential discovery techniques to gain unauthorized access to systems, data, and accounts. Once they obtain valid credentials, they can impersonate legitimate users, move laterally within a network, and carry out malicious activities.

ThreatNG aids in credential discovery in the following manner:

  • External Discovery: ThreatNG's external discovery capabilities help identify potential sources of exposed credentials. For example, it discovers public code repositories and online sharing platforms where credentials might be unintentionally published.

  • External Assessment: ThreatNG assesses various sources for exposed credentials:

    • Dark Web Presence: ThreatNG monitors the dark web for compromised credentials. 

    • Code Repository Exposure: ThreatNG discovers code repositories and investigates their contents for various types of credentials, including:

      • Access Credentials (API Keys, Access Tokens) 

      • Generic Credentials (usernames and passwords) 

      • Cloud Credentials (AWS credentials) 

      • Security Credentials (cryptographic keys) 

    • Mobile App Exposure: ThreatNG discovers mobile apps and analyzes them for the presence of:

      • Authentication/Authorization Tokens & Keys 

      • Authentication Credentials (usernames, passwords, OAuth credentials)

      • Service Account/Key Files 

      • Private Keys (Cryptography) 

    • Online Sharing Exposure: ThreatNG searches online code-sharing platforms for content associated with the organization and its entities.

  • Reporting: ThreatNG provides reports that can include findings related to exposed credentials, giving organizations visibility into potential credential compromise.

  • Continuous Monitoring: ThreatNG monitors sources like the dark web and code repositories for new exposures, including compromised credentials. This ongoing monitoring helps organizations stay informed about potential credential risks.

  • Investigation Modules: ThreatNG's investigation modules, such as the Code Repository Exposure and Dark Web Presence modules, are crucial for credential discovery:

    • Code Repository Exposure: This module actively searches for and identifies exposed credentials within code repositories.

    • Dark Web Presence: This module focuses on discovering mentions of an organization's related people, places, or things and associated compromised credentials on the dark web.

  • Intelligence Repositories: ThreatNG's intelligence repositories include data on compromised credentials found on the dark web and other sources. These repositories provide valuable context and help identify known credential exposures.

  • Works with Complementary Solutions: ThreatNG's credential discovery capabilities can be integrated with other security tools and processes. For example:

    • Findings on exposed credentials can be fed into Identity and Access Management (IAM) systems to enforce password resets or multi-factor authentication.

    • Credentials discovered by ThreatNG can be used to enhance threat intelligence platforms and Security Information and Event Management (SIEM) systems.

  • Examples of ThreatNG Helping:

    • ThreatNG can discover exposed API keys in a public code repository, allowing an organization to revoke them and prevent unauthorized access to its services.

    • ThreatNG can identify compromised employee credentials on the dark web, enabling the organization to take proactive steps to secure those accounts and prevent potential account takeovers.

    • ThreatNG can detect exposed credentials within mobile apps, prompting the organization to update the app and remove the hardcoded credentials.

  • Examples of ThreatNG Working with Complementary Solutions:

    • Compromised credentials discovered by ThreatNG can be used to trigger automated password resets in a company's Active Directory.

    • Information on exposed credentials can be shared with a SIEM system to correlate with other security events and detect potential malicious activity.
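As an added illustration of the Code Repository Exposure checks described above (the four credential classes listed there: access, generic, cloud and security credentials), the following is a small defender-side scanner. It is example code written for this page, not ThreatNG's implementation; the regular expressions, placeholder list and entropy threshold are assumptions, and the repository snippet it scans is constructed.

```python
import math
import re
from collections import Counter
from typing import NamedTuple
# Credential classes as named on this page; the regexes are assumed, illustrative
# patterns (not ThreatNG's rules). Tuple: (category, pattern, value is a secret).
PATTERNS = [
    ("Cloud Credentials", re.compile(r"\b(AKIA[0-9A-Z]{16})\b"), True),
    ("Access Credentials", re.compile(
        r"""(?i)(?:api[_-]?key|access[_-]?token|secret[_-]?key)\b\s*[:=]\s*['"]?([A-Za-z0-9_\-]{16,})"""), True),
    ("Generic Credentials", re.compile(
        r"""(?i)(?:password|passwd|pwd)\b\s*[:=]\s*['"]?([^'"\s,;]+)"""), True),
    ("Security Credentials", re.compile(
        r"(-----BEGIN (?:RSA |EC |OPENSSH |DSA )?PRIVATE KEY-----)"), False),
]
PLACEHOLDERS = {"changeme", "password", "example", "xxxxxxxx", "<redacted>"}

class Finding(NamedTuple):
    category: str
    line: int
    shown: str  # masked for real secrets so a report never republishes them

def shannon_entropy(s: str) -> float:
    """Bits per character: random tokens score high, repeats and words low."""
    counts, n = Counter(s), len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def scan_text(text: str) -> list:
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for category, pattern, is_secret in PATTERNS:
            for m in pattern.finditer(line):
                value = m.group(1)
                if value.lower() in PLACEHOLDERS:
                    continue  # documented dummy values, not exposures
                if category == "Access Credentials" and shannon_entropy(value) < 3.0:
                    continue  # filler such as "aaaa..." is not a real token
                shown = value[:4] + "*" * max(len(value) - 4, 0) if is_secret else value
                findings.append(Finding(category, lineno, shown))
    return findings

# Constructed sample file contents; none of these values are real credentials.
SAMPLE_REPO_FILE = """\
AWS_ACCESS_KEY_ID = "AKIAEXAMPLE12345ABCD"
DB_PASSWORD = "changeme"
SECRET_KEY = "aaaaaaaaaaaaaaaaaaaa"
api_key = "q8Zx2LmN4pRt7VbY9kWs"
PASSWORD = 'hunter2'
-----BEGIN RSA PRIVATE KEY-----
"""
```

Running `scan_text(SAMPLE_REPO_FILE)` reports the AWS key, the random API key, the password and the private-key header, and skips the `changeme` placeholder and the all-`a` filler key; the masked values are what a report should carry so the finding itself does not become a second exposure.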
