top of page
splashing-splash-aqua-water-67843_edited_edited.jpg

Hostile Cyber Recon Assessment

Assessment of your wider attack surface, from an external perspective, which mimics any initial reconnaissance activities that may precede a cyber attack or breach.  Focuses on data and vulnerability exposure – as discovered outside of the client IT environment, and takes the perspective of a determined threat actor who performs reconnaissance in order to gain a foothold into the organisation from which further attacks can take place.​ 

Our service is unique and undertaken by humans, as opposed to just using automated tools. We look for the relevance of findings to your organisation and provide a tailored approach.

 

The principal benefit is to strengthen your security posture by reducing the likelihood of the success of any pre-attack recon activity and reduce the effect of such activities which normally go undetected by any security tooling and methods. An organisation could have extremely effective security controls on their digital assets, but have little visibility and alerting on any leaked data on the public domain.

Reconnaissance activities usually precede more serious cyber incidents and often do not require a high level of technical skill which makes the risk of discovery and subsequent exploitation very high.

 

Most identified vulnerabilities can largely be remedied with a minimal effort resulting in a significant reduction of risk. This service can be used before any future red team exercise or penetration test.

download (3)_edited_edited_edited_edited_edited.jpg

Basic Service

  • Client-owned web application search engine analytics (e.g. backlinks, referrer domains and IP addresses)

  • Malicious domain name registrations and available domains that should be bought to reduce the risk of future malicious use.

  • Exposed credentials

  • Sensitive information exposure within documents

  • Open ports and services on client servers and applications

  • Application version exposure, highlighting those that are unpatched 

  • FTP/RSYNC/SMB and other connected storage devices

  • Cloud buckets

  • Physical site risks from maps, public web cams, two-way radio use, crypto miners and SDR servers

  • Website and email communication misconfigurations

  • Username and application enumeration 

  • SSL vulnerabilities

  • Social media

  • Clear-net sites including paste sites and Github

  • Hack forums and chats

  • Dark net markets, forums and sites

  • Data leak sites

  • P2P torrents

  • Bids and tenders

  • Vendor case studies and bug bounty sites

  • Cached websites

high-tech-electronic-circuit-board-vector-20464567_edited.jpg

Advanced Service

  • Leaked credential analysis: breach dates, staff names and passwords compromised

  • Specific staff social media exposure analysis

  • Supplier/Partner/Vendor data exposure

Typically takes 15 days. A will report will be produced which contains full details of issues discovered along with reproduction steps and remediation recommendations.

Stipula_fountain_pen_edited.jpg

Bespoke

We can do bespoke work - please contact us and we will be happy to help.

Molecules Bio_edited.jpg

Pricing

Specific charities/non-profits (contact us to check)                      £ FREE

bottom of page