THE ATTACKERS PERSPECTIVE

Attack Surface Assessment

Using open source intelligence (OSINT) we map your organisations network and compile a detailed report. By using Internet Wide Scan Data there is zero impact on your network.

Book your Assessment

Exposure insights

Attackers have this intelligence. Do you?

Thorough Analysis

Get a clear snapshot of your external vulnerabilities.

Streamlined Process

Focused on what matters. Clear and Accurate Results.

Expert Consultation

Independent assessment from a Senior Security Analyst.

Get a Quote

Single Review

From $2000 USD

Zero Impact on Target
Fixed Price Security Assessment
Fast turn around available (72 hrs)
Clear results from the attackers perspective
Compare results with Asset Register
Custom Options Available

GET STARTED HERE

Quarterly Review

From $6000 USD

Attack Surface Analysis x4 (Quarterly)
Hassle Free Regular Assessments
Monitor Ongoing System Changes
Clear results from the attackers perspective
Compare results with Asset Register
Custom Options Available

GET STARTED HERE

Some Common Questions

Typical clients include both Enterprise and Small / Medium Enterprises (SME), anyone with more than a handful of Internet facing services will get immediate value from this type of assessment. Starting from a single domain or organization name we review open source intelligence (OSINT) sources and Internet Wide Scan data to develop an attack surface. That is end points where a targeted attacker would be probing to get access to your systems and data.

The target of this assessment is network resources, systems and endpoints. There is no targeting of organisations members or employees for social engineering purposes.

An attacker targeting your organisation has access to this intelligence. Do you?

The report will be delivered as a PDF and a Spreadsheet and contain:

Discovered Host names
Discovered IP addresses and Network Blocks
Discovered open services (from Internet wide Scan Data not active port scans)
Email addresses found in breach data sets, including details on breach and information compromised
Metadata from documents, code leaks, S3 Buckets and other information leaks relevant to the organisation
Related Security & Network Information sourced from open source (OSINT)

Another third party assessment we offer is a focused External Vulnerability Assessment. This involves active vulnerability scanning and validation of the detected vulnerabilities.

Our professional assessment services are popular with anyone who wants an independent third party review of their security posture. Clients are based around the world and vary from small business to large enterprises.

Of course! Agencies and consultants can use this service to perform security reviews of clients organisations. A value added service for your IT consulting or managed services.

Using a combination of manual security analysis and automated reconnaissance tools the site, network and / or systems will be checked for Internet end points. The discovery process uses Internet wide data sets and open source intelligence resources. Results from the automated tools are assessed and used to further expand the attack surface. An easy to follow attack surface report is then compiled to provide an overview of the findings in an understandable format.

Sample Resources used:

HackerTarget.com IP Tools
CommonCrawl Website Archive
Certificate Transparency Logs
Reverse Whois searches for related domains
Shodan.io and other Internet Wide Scanners
Pastebin and other resources used by threat groups
Search Engines (Google Dorks)
Twitter / Facebook / Github and other Social Media Platforms
Metadata leaks in published resources
Other custom resources and data sets as required

With years of experience in both commercial and government environments our experts have a deep knowledge of adversary tactics and techniques. All security assessments are performed by a Certified Senior Security Analyst. Industry standard qualifications include GIAC (Global Information Assurance Certification) from the Sans Institute.

If you cannot afford the cost of a manual assessment you may like to try our automated DIY services. We have hosted open source vulnerability scanners and reconnaissance tools that can be run manually by members of your team. This involves planning your testing, receiving the raw results from our scanning tools, analysis and validation of those results.

By offering a focused tactical assessment service, we have streamlined the process and eliminated scope creep. Not everyone needs an assessment that takes weeks and costs tens of thousands of dollars. By having a fixed length testing window, the aim is to get an actionable understanding of the organisations Internet facing attack surface.

Rest assured that our focus does not impact our availability to answer your questions before, during and after the assessment.

The report is compiled after analysis of the results from the automated and manual testing. Sections include an overall summary of the endpoints found, a detailed list of discovered assets including recommended remediation of any glaring security issues and an appendix that contains the raw results from the tools that were used during the assessment.

Get in contact with the form below and provide an outline of your requirements. Organisations with a large number of endpoints will inevitably have a wide ranging attack surface. Once we have an idea of the number of Internet facing endpoints we will develop a proposal. Ideal for the CISO looking to get an external review of the attack surface from an adversary's perspective.

Payment is via Credit Card (preferred) or international money transfer to our bank. Once we receive your initial booking we will provide a copy of the terms of the assessment and payment details. Following confirmation of payment, we are ready and will proceed with the assessment at your allotted time. Reports are available within 72 hours.

"Continuously acquire, assess, and take action on new information in order to identify vulnerabilities, remediate, and minimize the window of opportunity for attackers."
– Center for Internet Security Control 4: Continuous Vulnerability Assessment and Remediation

Get Started Here

Complete this form to request an Attack Surface Assessment of your Internet facing systems. We will get back to you within 24 hours with a proposed plan, terms of the service and payment details.

If there are particular systems or networks you would like the assessment to focus on then please detail these requirements. In this case a high level security assessment will be conducted against the target, with focused testing performed against the system or network of particular interest.

With this fixed rate security assessment testing is conducted in a 48 hour window, with report delivered within 72 hours.

Attack Surface Assessment

Client Requirements:

You must be the owner of the system or have explicit permission to have a third party security assessment performed against the target organisation.
An understanding that while we are primarily relying on open source information sources, there is a chance that some requests may access the organisations systems. For example, DNS requests against discovered systems.

Deliverables:

Detailed Security Report delivered within 72 hours.
Report to contain discovered results and recommended remediation.
Follow up questions to be conducted via email.

Network

Web

CMS Apps

Recon

Network Tests

DNS Queries

IP Address

Web Tools

Blog

Most Popular

Attack Surface Assessment

Get a Quote

Some Common Questions

What are the typical targets of this assessment service?

Who uses these Security Assessment Services?

Can I get an assessment against client systems?

What are the testing methods used?

Who performs the security assessment?

What if my budget is limited?

Why is the service so cheap?

What does the report include?

We have a large network are you able to perform longer engagements?

How does the payment system work?

Get Started Here

Client Requirements:

Deliverables: