Determine Attack Surface (OSINT)

What traces does your company leave on the internet? Even in the darker corners? We collect as much technical information as possible about your company. This is also called Open Source Intelligence (OSINT). The goal is to map the attack surface exposed via the internet—vulnerabilities are not identified in this process.

Why Determine the Attack Surface

s

Our key reasons for determining the attack surface:

  • Gain an overview of the external attack surface
  • Highlight implications of unconscious handling of published information
  • Reduce attack surface to minimize risks from zero days in components that don’t need to be accessible via the internet

 

When to Determine the Attack Surface

In our view, the best times are:

  • If you want to find out as a first step what is visible about your company on the internet
  • Regularly, to check whether the attack surface has changed (unintentionally)

 

Results

i

Typical results when determining the attack surface include:

  • Possibly surprises about which systems and services are accessible
  • Organized presentation of technical information visible externally about your company (e.g., IP ranges, domains, email addresses, cloud resources such as S3 buckets in AWS and storages/blobs in Azure)
  • Breached credentials, i.e., login credentials of your company/employees circulating on the internet
  • Analysis of your company website and company presence on social media platforms regarding the usability of information for attacks
  • A picture of what external attackers perceive about you and where they might start, so you can implement targeted protective measures

 

What we need from you

To determine the attack surface, we need from you:

  • Your order; beyond that, no input from you is typically required
  • By default, we start our research based on the email address you used to order—feel free to let us know if you have different preferences

 

Book a free initial consultation now

Whether it’s a pentest, red teaming, or “something in between”—
we look forward to talking to you!

Contact
Configurator