Attack Surface Assessments
We create a full digital footprint of your organisation from a hacker's perspective.
The target of this assessment is network resources, systems and endpoints. There is no targeting of organisations members or employees for social engineering purposes.
DNS: Discovered Host names
- Virtual Hosts
- Mail Servers
- Subdomains
- Name Servers
Discovered IP addresses and Network Blocks
- Map IP Address Data
- Autonomous Systems
- Network Subnet
(public IP ranges)
Discovered open services (from Internet wide Scan Data not active port scans)
- Network Service banners
- Software Versions
- Operating Systems
Related Security & Network Information sourced from open source (OSINT)
- Publicly Available Email addresses
- Public breach Data
- Social Media
This non-invasive assessment can be used against third parties to review vendor and partner security posture.
Using a combination of manual security analysis and automated reconnaissance tools the site, network and / or systems
will be checked for Internet end points. The discovery process uses Internet wide data sets and open source
intelligence resources. Results from the automated tools are assessed and used to further expand the attack surface.
An easy to follow attack surface report is then compiled to provide an overview of the findings in an understandable
format.
An asset register is an essential security control. If you don't know your assets you can't secure your
organisation. This assessment is an excellent starting point to create an asset register.