functionality_overview
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
functionality_overview [2023/01/28 14:32] kaduuwikiadmin |
functionality_overview [2023/05/22 20:40] (current) |
||
|---|---|---|---|
| Line 356: | Line 356: | ||
| ---- | ---- | ||
| - | ====== Ransomware Site Monitoring ====== | + | ===== Ransomware Site Monitoring ===== |
| **Introduction** | **Introduction** | ||
| Line 382: | Line 383: | ||
| - | ====== Bot Monitoring ====== | + | ===== Bot Monitoring ===== |
| **What is a bot or a botnet?** | **What is a bot or a botnet?** | ||
| Line 477: | Line 479: | ||
| + | ---- | ||
| + | |||
| + | ===== E-Mail Monitoring ===== | ||
| + | |||
| + | |||
| + | **Introduction** | ||
| + | |||
| + | A phishing attack against your employees is usually preceded by a short phase of reconnaissance of the targets. In targeted spear phishing attacks, fraudsters often take data from employees’ social media profiles. There are also email lists offered in hacker forums, and lastly, there are a number of hacking tools that search the Internet and Dark Web for information on the targets. | ||
| + | |||
| + | Higher-ranking CEOs & C-suite executives are usually more exposed to the public (their profile can often be found on the organization’s website), making them easier targets. For all other departments and employee types, it is difficult to assess the steps an attacker has to take to gather the information they need to reach their target. Only if you venture to perform the same information gathering as the hacker, can you assess the risk of your employees getting exposed to phishing attacks. The greater an employee’s exposure on the Internet or Dark Web, the higher the likelihood of them becoming a victim of a social engineering attack, like phishing. Employees who register with their names and business email accounts on private websites put the whole organization at risk as this gives the hacker a bigger attack surface. | ||
| + | |||
| + | **What is monitored? | ||
| + | |||
| + | In Kaduu, we measure each employee’s exposure on the Internet and note where indications of activities related to the specific email account can be found. We try to find the employee’s email address on the Internet, Deep Web or Dark Net and list the according email references from the websites where we found the account. We then try to investigate how often the email is referenced in different unique sources. The more sources, the bigger the exposure. | ||
| + | |||
| + | **What is the benefit?** | ||
| + | |||
| + | Everything that helps you reduce your attack surface can also limit future breaches. If you find any employee’s business email account on private websites, you will be able to create targeted user awareness training that helps them understand the consequences of such an exposure. | ||
| + | |||
| + | **How does it work?** | ||
| + | |||
| + | We have two type of searches: | ||
| + | |||
| + | * (1) Database search: Kaduu runs a crawler in the background collecting any email adress it finds. This crawler is not looking for any specific email domain, but collects everything. Therefore the data set might be very limited to a specific account. | ||
| + | * (2) External Search: The external Search will connect to an external authenticated API that will query specificly the domain you entered. You will find more results using the external search. | ||
| + | |||
| + | In both cases you need to enter the company domain with the syntax " | ||
| + | |||
| + | ---- | ||
| + | |||
| + | |||
| + | ===== Discord Monitoring ===== | ||
| + | |||
| + | |||
| + | Discord is a popular communication platform designed for online communities and gamers. It offers a variety of features including text, voice and video chat, file sharing, and gaming integrations. Discord is available as a browser-based web app, a desktop app for Windows, MacOS, Linux and as mobile apps for iOS and Android. The platform allows users to create and join virtual servers (also called " | ||
| + | |||
| + | **How is Discord used by hackers?** | ||
| + | |||
| + | Discord can be used by hackers in various ways, including: | ||
| + | |||
| + | * Sharing hacking tools and tutorials: Discord servers can be used as platforms to share hacking tools and tutorials with other individuals. | ||
| + | * Coordinating attacks: Hackers can use Discord channels to coordinate and execute attacks on websites, networks, or other targets. | ||
| + | * Phishing and scamming: Hackers may use Discord to phish personal information or scam users through fake giveaways or other deceitful means. | ||
| + | * Spreading malware: Hackers can spread malware through links or files shared on Discord servers, infecting other users' devices. | ||
| + | |||
| + | **How many channels exist?** | ||
| + | |||
| + | It's not possible to determine the exact number of Discord channels that exist, as the platform allows for an unlimited number of servers and channels to be created. The number of Discord channels continues to grow as new servers are created and existing servers add new channels. Discord has over 150 million monthly active users, so there are likely a large number of channels across all the servers on the platform. | ||
| + | |||
| + | **What channels do we monitor?** | ||
| + | |||
| + | * " | ||
| + | * " | ||
| + | * " | ||
| + | * "A9 Market": | ||
| + | * "Rent 8 hacker": | ||
| + | * " | ||
| + | * " | ||
| + | * " | ||
| + | * "Evil Empire": | ||
| + | * "Alka Tim": https:// | ||
| + | * "Dark Matter Market": | ||
| + | * " | ||
| + | * "Anon Cyber Team": https:// | ||
| + | * " | ||
| + | * " | ||
| + | * " | ||
| + | * " | ||
| + | * and many more | ||
| + | |||
| + | |||
| + | ---- | ||
| + | |||
| + | ===== Passive Vulerability Detection ===== | ||
| + | |||
| + | In Kaduu we use a passive vulnerability detection approach. Passive Vulnerability Detection and Active Vulnerability Detection are two methods used to identify security vulnerabilities in a network or system. | ||
| + | |||
| + | * Passive Vulnerability Detection is a method of identifying vulnerabilities without actively interacting with the system or network being tested. This is typically done by analyzing system logs, network traffic, or other passively generated data. In case of Kaduu we query databases in the deep web that may contain data on the target. The advantage of passive vulnerability detection is that it doesn' | ||
| + | * | ||
| + | * Active Vulnerability Detection, on the other hand, involves actively interacting with the system or network being tested to identify vulnerabilities. This typically involves running scans, probes, or penetration tests to identify potential security weaknesses. The advantage of active vulnerability detection is that it can provide a more comprehensive view of the system' | ||
| + | |||
| + | **How to use this feature?** | ||
| + | |||
| + | For the infrastructure search we need the domain (example.com and not www.example.com) as input. You can't search for IP's or other elements, because based on the domain we first find out via databases, which subdomains all belong to the main domain. We get data from Dnsdumpster, | ||
| + | |||
| + | |||
| + | **How do we present the data?** | ||
| + | |||
| + | For every host we find we do a reverse DNS lookup and query databases like Shodan in order to find information about open ports, used applications or vulnerabilities (CVE). | ||
functionality_overview.1674912726.txt.gz · Last modified: 2023/05/22 20:40 (external edit)
Page Tools
