Dark Web Monitoring

Dark Web Monitoring: Securing Your External Attack Surface

In today’s digital era, data breaches and cyber-attacks are increasing day by day, and with the increasing amount of data being stored and transmitted online, the threat is real. Hackers and cybercriminals are constantly looking for vulnerabilities to exploit in your organization’s system. With the advent of the dark web, a new type of marketplace for hackers has emerged. Here, they can buy and sell stolen data, tools, and services, making it even easier for them to launch an attack. In this article, we will discuss what dark web monitoring is and how it can help secure your external attack surface.

(more…)

Passive Attack Surface Reconnaissance

Passive Reconnaissance Techniques For Penetration Testing

As a top ranked bug bounty researcher and Sr. Penetration Tester, I’ve discovered some critical vulnerabilities without ever directly accessing or scanning the target in question. These vulnerabilities are typically found by querying 3rd party services to discover cached and historic URL’s from a target and searching interesting URL’s. In some cases, this has lead me to discover critical “0day” vulnerabilities in commercial security products, Corporate owned websites and online services. In this blog post, I’ll discuss the methodology and step-by-step process used to find these vulnerabilities and how we can leverage tools like Sn1per Professional to assist us.

(more…)