Attack Surface Assessment
Using open source intelligence (OSINT) we map your organisations network and compile a detailed report. By using Internet Wide Scan Data there is zero impact on your network.
Expert Advice
Independent assessment from a Senior Security Analyst. No BS.
Streamlined Process
Focused on the things that matter. Clear and Accurate Results.
Know Your Exposure
Get a clear snapshot of your external vulnerabilities. Know what an attacker can see.
- Zero Impact on Target
- Fixed Price Security Assessment
- Fast turn around available (72 hrs)
- Clear results from the attackers perspective
- Compare results with Asset Register
- Custom Options Available
- Attack Surface Analysis x4 (Quarterly)
- Hassle Free Regular Assessments
- Monitor Ongoing System Changes
- Clear results from the attackers perspective
- Compare results with Asset Register
- Custom Options Available
Some Common Questions
Typical clients include both Enterprise and Small / Medium Enterprises (SME), anyone with more than a handful of Internet facing services will get immediate value from this type of assessment. Starting from a single domain or organization name we review open source intelligence (OSINT) sources and Internet Wide Scan data to develop an attack surface. That is end points where a targeted attacker would be probing to get access to your systems and data.
The target of this assessment is network resources, systems and endpoints. There is no targeting of organisations members or employees for social engineering purposes.
The report will be delivered as a PDF and a Spreadsheet and contain:
- Discovered Host names
- Discovered IP addresses and Network Blocks
- Discovered open services (from Internet wide Scan Data not active port scans)
- Email addresses found in breach data sets, including details on breach and information compromised
- Metadata from documents, code leaks, S3 Buckets and other information leaks relevant to the organisation
- Related Security & Network Information sourced from open source (OSINT)
Another third party assessment we offer is a focused External Vulnerability Assessment. This involves active vulnerability scanning and validation of the detected vulnerabilities.
Using a combination of manual security analysis and automated reconnaissance tools the site, network and / or systems will be checked for Internet end points. The discovery process uses Internet wide data sets and open source intelligence resources. Results from the automated tools are assessed and used to further expand the attack surface. An easy to follow attack surface report is then compiled to provide an overview of the findings in an understandable format.
Sample Resources used:
- HackerTarget.com IP Tools
- CommonCrawl Website Archive
- Certificate Transparency Logs
- Reverse Whois searches for related domains
- Shodan.io and other Internet Wide Scanners
- Pastebin and other resources used by threat groups
- Search Engines (Google Dorks)
- Twitter / Facebook / Github and other Social Media Platforms
- Metadata leaks in published resources
- Other custom resources and data sets as required
By offering a focused tactical assessment service, we have streamlined the process and eliminated scope creep. Not everyone needs an assessment that takes weeks and costs tens of thousands of dollars. By having a fixed length testing window, the aim is to get an actionable understanding of the organisations Internet facing attack surface.
Rest assured that our focus does not impact our availability to answer your questions before, during and after the assessment.
The report is compiled after analysis of the results from the automated and manual testing. Sections include an overall summary of the endpoints found, a detailed list of discovered assets including recommended remediation of any glaring security issues and an appendix that contains the raw results from the tools that were used during the assessment.
Get in contact with the form below and provide an outline of your requirements. Organisations with a large number of endpoints will inevitably have a wide ranging attack surface. Once we have an idea of the number of Internet facing endpoints we will develop a proposal. Ideal for the CISO looking to get an external review of the attack surface from an adversary's perspective.
Payment is via Credit Card (preferred) or international money transfer to our bank. Once we receive your initial booking we will provide a copy of the terms of the assessment and payment details. Following confirmation of payment, we are ready and will proceed with the assessment at your allotted time. Reports are available within 72 hours.
"Continuously acquire, assess, and take action on new information in order to identify vulnerabilities, remediate, and minimize the window of opportunity for attackers."
– Center for Internet Security Control 4: Continuous Vulnerability Assessment and Remediation
Get Started Here
Complete this form to request an Attack Surface Assessment of your Internet facing systems. We will get back to you within 24 hours with a proposed plan, terms of the service and payment details.
If there are particular systems or networks you would like the assessment to focus on then please detail these requirements. In this case a high level security assessment will be conducted against the target, with focused testing performed against the system or network of particular interest.
With this fixed rate security assessment testing is conducted in a 48 hour window, with report delivered within 72 hours.
Client Requirements:
- You must be the owner of the system or have explicit permission to have a third party security assessment performed against the target organisation.
- An understanding that while we are primarily relying on open source information sources, there is a chance that some requests may access the organisations systems. For example, DNS requests against discovered systems.
Deliverables:
- Detailed Security Report delivered within 72 hours.
- Report to contain discovered results and recommended remediation.
- Follow up questions to be conducted via email.