Digital Footprinting
What is Digital Footprinting?
Any activity that you do online is recorded somewhere, which collectively develops a Digital Footprint. Such footprints are often used by attackers to gather initial information about your organization before establishing specific targets.
Digital footprints are unavoidable and not necessarily a risk in themselves. If, however, no care is taken while exposing sensitive information online, several doors open up for malicious attacks. It is, hence, extremely crucial to shield your digital footprint from prying eyes.
What we offer?
If digital footprint assessment does not feature in your cybersecurity plans, you may lose the battle to hackers who can, with little effort, find sensitive information and use it to gain undetectable access to your internal infrastructure. To prevent this, Intellisec Solutions’s Digital Footprint assessment tests help you answer the following crucial aspects:
- Whether you have control over your corporation’s sensitive information and how much
- Whether your corporation’s passwords and other private information is leaked anywhere
- Whether you are in control of your domains and sub-domains
If you are on a shoestring budget and cannot afford a full-fledged red teaming exercise, Intellisec Solutions’s Digital Footprint assessments are the first step to consider. They will develop for you a hacker’s view of your corporation, which exposes security areas that hackers can exploit during a malicious activity. This information can be used to selectively safeguard vulnerable areas of your organization. This approach has two advantages – it costs little to get started and acts as a pilot project to define the scope of your penetration testing effort.
Our Methodology
Our step-by-step approach towards digital footprint assessment includes the following key aspects.
At the onset, Intellisec Solutions collects all publicly available information on your corporation with the help of numerous OSINT (Open Source Intelligence) tools and techniques. This data is used to assess the current state of affairs and acts as a foundation for accurate risk assessment at later stages of our engagement. The more the information we gather in this phase, the more attack vectors we can use in the future.
The gathered intelligence includes data on the lines of
- Credentials leaks
- List of sub-domains with outdated software version or exploitable systems
- Information about the infrastructure used by the corporation
- Third-party hosting information
- List of available emails with phishing risk
- Sensitive information about key players such as C-level executives and other board members
- Cloud services mis-configurations
- Unsecure Internet of things devices
- Leaked API keys
Formulating A Hacker’s View
After the information collection phase, we obtain a detailed Hacker’s View. For this, we employ semi-passive information gathering techniques in which methods similar to regular internet traffic and behavior are used. Intellisec Solutions does not actively seek and exploit vulnerabilities, but gathers information available via regular internet traffic and gives you an overview of public information that would be of interest to malicious hackers.
The following actions are performed during this step.
Technical reconnaissance
Some of the technical reconnaissance activities are the following:
- Assets enumeration (IP addresses, domains, subdomains, Web applications, interesting Web pages and services…)
- Checking low-hanging fruit vulnerabilities (subdomain takeover, CORS misconfigurations, exposed vulnerable services, outdated services with known vulnerabilities…)
- Collecting documents and analyzing their metadata
- Manual review of all findings
- Summary of data found and how it could be relevant to attackers
Corporate reconnaissance
Some of the corporate reconnaissance activities are the following:
- Listing of organizations, divisions and acquisitions
- Listing and reviewing social media accounts
- Collecting information on company culture (pictures, job offers, employee blogs, Youtube videos, etc)
- Summary of interesting information found and what an attacker can do with it (e.g. recreating corporate badges based on social media pictures)
- Leaked data in the Dark web
Employee reconnaissance
Some of the employee reconnaissance activities are the following:
- Building a list of employees through LinkedIn and client websites
- Identifying interesting employee profiles
- Looking for sensitive information of these employees (E.g. source code on deverlopers’ Github repositories, signatures of Chairperson, passwords on social media pictures, etc)
- Identifying leaked data including emails, passwords, password hashes, usernames & IP addresses
- Building a list of emails from 3 sources: public, leaked and emails guessed based on the list of employees
- Summary of which employee information an attacker can collect from public sources and how they can exploit it