Discover and Monitor for the Presence of Admin Pages, APIs, Applications, Application Links, Dev Environments, Emails, Errors, Phone Numbers, Tag Management Systems, VPNs in Subdomains

Subdomain takeovers involve another party re-registering stale or abandoned third-party services that once belonged to the respective organization. After taking over these subdomains, these parties can use them to gather information or bypass existing security controls.

Discover, assess, report, and continuously monitor all subdomains susceptible to being taken over.

Layoff chatter should be taken seriously and be addressed in both a technical and non-technical way, as it poses a significant risk to an organization.

DarcSight’s thoughts on risk, third-party risk, grades, and beyond.

ThreatNG’s unique approach to SaaS discovery empowers you to get an inventory of your SaaS applications and overall digital presence for digital risk and external attack surface management.

Our Solution to Empower Organizations to Address What is Relevant and within their Control.

With DarcRadar we empower you to define and measure cyber risk in the context of “your” risk appetite and compare it against industry standards, best practices, and hygiene to address the specific parts of the Attack Surface and Digital Footprint that pose the most risk.

Securing and monitoring digital presence can overwhelming. Once people dig into their digital presence across the dark, deep, and open web, they see how enormous it is and feel lost, hopeless, and ultimately give up on the whole effort. If they do take action, we have seen people employ a whack-a-mole style approach that can be costly and ineffective.  

A new cost-effective approach to digital risk and attack surface management. Your organization spent a chunk of the operating budget on siloed solutions for addressing security and risk across multiple departments but still has to dedicate many hours (if not weeks) to develop a clear picture of your threat and risk posture. Here’s why:

The Technical Attack Surface (currently popularized as the External Attack Surface) references all publicly available data that is revelatory about an organization's IT infrastructure, services, and applications.

With the Technical Attack Surface being connected to vulnerabilities and misconfigurations of applications and IT infrastructure, the Business Attack Surface encompasses everything that is revelatory about the inner workings of an organization.

Coming in at number one of our OSINT Top Ten is Domain Information which includes all Domains, Subdomains, Certificates, Emails, and Permutations/Look-Alikes (Company Names, Domains, and Emails).

It is essential to monitor what is broadcasted on social media for compliant branding, instances of malicious/negative sentiment, and for the appropriate level of information sharing.

Online code repositories such as GitHub have grown to become standard solutions for version control and source code management. These solutions have proven to be easy-to-use but also prone to misconfigurations leading to the exposure of sensitive information (specifically sensitive code).

Today we'll be talking about robots and dorks because at Number Four of the Open Source Intelligence Top Ten (aka OSINT Top Ten) is Search Engine Exploitation.

It is important to examine “The Cloud” (especially vendor offerings like Amazon AWS, Google Cloud Platform, and Microsoft Azure) for anything that can be linked directly to your organization, brand, and offerings: key individuals, locations, domains, products, services, and project names.

More commonly known as "paste sites," these online sharing repositories make it easy to share text from anywhere to anyone.

Monitoring and managing how your organization is presented online and perceived in public digital spaces is an integral part of threat management.

Mismanagement or turning a blind eye to this vital part of an organization's digital presence can lead to brand damage, data leaks, or even possible persistent/ongoing attacks against existing live assets.

Is it true that one can only find dark Elves on the dark web? False, the dark elves we've seen are only in the Marvel Cinematic Universe. But there is information on the dark web that does not exist anywhere else.