External Attack Surface Management with Sn1per Enterprise

External Attack Surface Management with Sn1per

In the world of cybersecurity, it’s important to constantly be on the lookout for new threats. One way to do this is by keeping an eye on your organization’s external attack surface. Your external attack surface is the sum total of all the ways a hacker could potentially gain access to your systems—and it’s always changing. That’s why external attack surface management is so important. By monitoring your external attack surface and making sure it’s as secure as possible, you can help protect your organization from a wide range of cyber threats.

(more…)

Sn1per SE v10.2 Update

Sn1per Scan Engine v10.2 Released!

Sn1per SE (Scan Engine) v10.2 is now available with a ton of new features and improvements. This update is part of the Sn1per SE development branch which is available to Sn1per Professional v10.0 and Sn1per Enterprise customers. If you are a previous customer (ie. Sn1per Professional v9.0 or less) or if you use the Community Edition available on Github, you will need to purchase a Sn1per Professional v10.0 license to download and receive updates.

(more…)

Sn1per Professional v9.1 Update

Sn1per Professional v9.2 SE Update Released!

Sn1per Professional v9.2 Scan Engine (SE) update is now available for Sn1per Professional v9.0 customers with a ton of new features and improvements! This update is part of the new private development branch (Sn1per Professional SE) which is exclusively available only to Sn1per Professional v9.0 customers. If you are a previous customer (ie. Sn1per Professional v8.0 or less) or if you use the Community Edition available on Github, you will need to purchase a Sn1per Professional v9.0 license to download and receive scan engine updates.

(more…)

Passive Attack Surface Reconnaissance

Passive Reconnaissance Techniques For Penetration Testing

As a top ranked bug bounty researcher and Sr. Penetration Tester, I’ve discovered some critical vulnerabilities without ever directly accessing or scanning the target in question. These vulnerabilities are typically found by querying 3rd party services to discover cached and historic URL’s from a target and searching interesting URL’s. In some cases, this has lead me to discover critical “0day” vulnerabilities in commercial security products, Corporate owned websites and online services. In this blog post, I’ll discuss the methodology and step-by-step process used to find these vulnerabilities and how we can leverage tools like Sn1per Professional to assist us.

(more…)

Sn1per Professional Continuous Attack Surface Testing

Attack Surface Management With Sn1per Professional

External Attack Surface Management (EASM) has become a crucial function for every organization to gain visibility of their perimeter security. Having the right tools and processes in place is vital to detecting new vulnerabilities before attackers do. In this blog post, we will outline the basic steps for discovering the attack surface with Sn1per Professional.

(more…)