Unauthenticated Asset Discovery

U
Written By Threat NG Staff

Unauthenticated asset discovery is a cybersecurity process involving identifying and mapping an organization's digital assets without using login credentials or authentication methods.

Here's a more detailed explanation:

  • No Credentials Required: The discovery process does not use usernames, passwords, API keys, or any other form of authentication to access the discovered systems.

  • External Perspective: It operates from an outsider's viewpoint, focusing on assets that are publicly accessible via the internet.

  • Discovery Techniques: It uses techniques that do not require authorization, such as:

    • OSINT (Open Source Intelligence): Gathering information from publicly available sources like DNS records, websites, and search engines.

    • Network Scanning: Probing for open ports and accessible services without authentication.

    • Web Crawling: Exploring websites to find publicly accessible content and links.

  • Focus on Accessibility: The primary goal is identifying assets an attacker could find and access without special privileges.

This approach is valuable for security because it:

  • Simulates Attacker Behavior: It reveals the attack surface visible to any attacker on the internet.

  • Uncovers Public Exposures: It can help find unintentionally exposed systems or data.

  • Reduces Reliance on Internal Knowledge: It doesn't require prior knowledge of internal credentials or configurations.

ThreatNG is a comprehensive platform that offers significant advantages for organizations seeking to manage their external attack surface. It provides a suite of features that deliver robust security insights.

External Discovery

  • ThreatNG's external discovery is a key strength. It uses a "seedless" approach, enabling it to perform purely external unauthenticated discovery using only a domain and organization name.

  • This is highly beneficial because it eliminates the need for organizations to input or maintain a list of their external assets manually. ThreatNG automatically identifies and maps your external footprint, uncovering assets you might be unaware of.

External Assessment

ThreatNG's external assessment capabilities provide detailed insights into various risk areas:

  • Web Application Hijack Susceptibility: ThreatNG analyzes your web applications to find weaknesses that could allow attackers to take control.

    • For example, it assesses login pages for vulnerability to credential stuffing and checks for Cross-Site Scripting (XSS) attacks.

  • Subdomain Takeover Susceptibility: It assesses the risk of attackers taking over your subdomains.

    • This involves comprehensively analyzing your website's subdomains, DNS records, and SSL certificate statuses.

  • BEC & Phishing Susceptibility: ThreatNG evaluates your vulnerability to Business Email Compromise (BEC) and phishing attacks.

    • It considers factors like sentiment, financial data, the risk of domain impersonation (using Domain Intelligence), and compromised credentials on the dark web.

  • Brand Damage Susceptibility: ThreatNG assesses the risk to your brand's reputation.

    • It analyzes various factors, including your attack surface, digital risk, ESG violations, public sentiment, and the potential for domain impersonation.

  • Data Leak Susceptibility: ThreatNG evaluates your risk of data leaks.

    • It examines your cloud and SaaS exposure, dark web presence (for compromised credentials), domain intelligence, and financial/legal disclosures.

  • Cyber Risk Exposure: ThreatNG calculates your overall cyber risk.

    • This includes parameters our Domain Intelligence module covers, including certificates, subdomain headers, vulnerabilities, and sensitive ports, to determine cyber risk exposure. It also factors in code secret exposure, cloud and SaaS Exposure, and compromised credentials on the dark web.

  • ESG Exposure: ThreatNG assesses your vulnerability to Environmental, Social, and Governance (ESG) risks.

    • It analyzes media coverage sentiment and financial findings to highlight Competition, Consumer, Employment, Environment, Financial, Government Contracting, Healthcare, and Safety-related offenses.

  • Supply Chain & Third-Party Exposure: ThreatNG helps you understand risks from your vendors.

    • It derives this from Domain Intelligence (Enumeration of Vendor Technologies from DNS and Subdomains), Technology Stack, and Cloud and SaaS Exposure.

  • Breach & Ransomware Susceptibility: ThreatNG evaluates your likelihood of experiencing a data breach or ransomware attack.

    • It calculates this based on external attack surface and digital risk intelligence, which includes domain intelligence (exposed sensitive ports, exposed private IPs, and known vulnerabilities), dark web presence (compromised credentials, ransomware events, and gang activity), and sentiment and financials (SEC Form 8-Ks).

  • Mobile App Exposure: ThreatNG analyzes your mobile apps for security issues.

    • It discovers them in marketplaces and examines them for access credentials, security credentials, and platform-specific identifiers.

  • Positive Security Indicators: Importantly, ThreatNG also identifies and highlights your security strengths, such as the presence of Web Application Firewalls or multi-factor authentication.

Reporting

ThreatNG delivers a variety of reports to meet different needs:

  • Executive summaries

  • Technical reports

  • Prioritized risk lists

  • Security ratings

  • Inventory reports

  • Ransomware susceptibility reports

  • SEC filings analysis

These reports are enhanced with a built-in knowledge base that provides:

  • Risk levels to help organizations prioritize their security efforts

  • Reasoning behind the findings

  • Recommendations for remediation

  • Links to further information

Continuous Monitoring

ThreatNG continuously monitors your external attack surface, digital risks, and security ratings, providing ongoing awareness of your security posture.

Investigation Modules

ThreatNG's investigation modules provide robust solutions for in-depth analysis:

  • Domain Intelligence: This module offers a wealth of information about your domains:

    • Domain Overview (Digital Presence Word Cloud, Microsoft Entra Identification and Domain Enumeration, Bug Bounty Programs, and related SwaggerHub instances)

    • DNS Intelligence (Domain Record Analysis, Domain Name Permutations, and Web3 Domains)

    • Email Intelligence (Security Presence, Format Predictions, and Harvested Emails)

    • WHOIS Intelligence (WHOIS Analysis and Other Domains Owned)

    • Subdomain Intelligence (extensive details about subdomains, technologies used)

    • IP Intelligence (IP information)

    • Certificate Intelligence (TLS Certificates and Associated Organizations)

    • Social Media (organization's posts)

  • Sensitive Code Exposure: This module discovers public code repositories and identifies exposed credentials, API keys, and other secrets.

    • For example, it can find hardcoded AWS credentials in a GitHub repository.

  • Mobile Application Discovery: This module discovers your mobile apps in marketplaces and analyzes them for security vulnerabilities, including the presence of Access Credentials, Security Credentials, and Platform Specific Identifiers.

    • For instance, it can detect hardcoded API keys within a mobile app.

  • Search Engine Exploitation: This module helps users investigate an organization’s susceptibility to exposing information via search engines. It discovers Website Control Files (Robots.txt and Security.txt) and Search Engine Attack Surface.

  • Cloud and SaaS Exposure: This module identifies your sanctioned and unsanctioned cloud services, potential cloud service impersonations, and SaaS implementations.

  • Online Sharing Exposure: This module identifies your presence within online Code-Sharing Platforms.

  • Sentiment and Financials: This module provides information on organizational lawsuits, layoff chatter, SEC Filings, and ESG Violations.

  • Archived Web Pages: This module identifies various archived files and data related to the organization's online presence.

  • Dark Web Presence: This module tracks organizational mentions on the dark web, associated ransomware events, and compromised credentials.

  • Technology Stack: This module identifies the technologies used by the organization under investigation.

Intelligence Repositories

ThreatNG uses a wealth of intelligence repositories to enrich its analysis:

  • Dark web data

  • Compromised credentials

  • Ransomware information

  • Vulnerability data

  • ESG violation records

  • Bug bounty programs

  • SEC filings

  • Mobile app data

Working with Complementary Solutions

ThreatNG integrates with other security tools to enhance your overall security posture:

  • SIEM (Security Information and Event Management) systems: You can feed ThreatNG's findings into your SIEM to correlate external risks with internal events.

    • For example, if ThreatNG detects compromised credentials, your SIEM can monitor for suspicious logins.

  • Vulnerability Management Tools: ThreatNG's external vulnerability assessments complement internal scanning.

    • For example, ThreatNG might identify an exposed web application, and your vulnerability scanner can then perform a deeper analysis.

  • SOAR (Security Orchestration, Automation, and Response) Platforms: You can use ThreatNG's data to automate security responses.

    • For instance, if ThreatNG detects a potential phishing domain, your SOAR platform can block it.

  • Identity and Access Management (IAM) Systems: You can integrate ThreatNG's compromised credential detection to trigger actions like password resets.

By providing comprehensive external visibility, detailed risk assessments, and seamless integration, ThreatNG is a valuable solution for proactive security management.

Threat NG Staff
Previous

Attacker-Centric Discovery
Next

Dynamic Attack Surface Monitoring