My DokuWiki

User Tools

Site Tools

Trace:
start

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
start [2023/06/04 18:11]
kaduuwikiadmin 		start [2025/04/14 11:22] (current)
kaduuwikiadmin [RANSOMWARE MONITORING]
Line 1: Line 1:
-====== WIKI DIRECTORY ======+====== MAIN WIKI KADUU.IO ====== 
  
 Welcome to Kaduu Wiki. Kaduu is a SaaS based platform offering Darknet & Deep Web monitoring. You can find more information about the product here [[https://kaduu.io|https://kaduu.io]]. Please find below technical articles about our various features. If you have any questions, please contact support@kaduu.io.   Welcome to Kaduu Wiki. Kaduu is a SaaS based platform offering Darknet & Deep Web monitoring. You can find more information about the product here [[https://kaduu.io|https://kaduu.io]]. Please find below technical articles about our various features. If you have any questions, please contact support@kaduu.io.  
Line 8: Line 9:
 ===== FUNCTIONALITY:PREVENT ATTACKS ===== ===== FUNCTIONALITY:PREVENT ATTACKS =====
  
-In today's interconnected world, organizations are prime targets for cyberattacks, with phishing and malware attacks being among the most prevalent. Early detection is key, and our Threat Intelligence Product enables precisely that.\\ + 
-Cyber attackers often employ strategies like typo squatting, a tactic where they register domains that closely resemble legitimate ones. An example would be an attacker targeting a bank and registering a domain like 'www.bannkofexample.com'. At a quick glance, your customers or employees might not spot the difference, thus falling prey to the attacker's tactics. +In today's interconnected world, organizations are prime targets for cyberattacks, with phishing and malware attacks being among the most prevalent. Early detection is key, and our Threat Intelligence Product enables precisely that.\\\\ 
-That's where our Threat Intelligence Product steps in. It vigilantly monitors all new global domain registrations for similarities to your own. This proactive approach helps identify potential threats at their genesis, allowing you to thwart an attack before it materializes. + 
-However, attackers can be crafty, often embedding your organization's name within a subdomain or a directory. For instance, they might use URLs like 'www.randomsite.com/yourbankname' or 'yourbankname.fakesite.org'. Such subtle incorporations are designed to exploit human oversight and amplify the attacker's success rate. +Cyber attackers often employ strategies like typo squatting, a tactic where they register domains that closely resemble legitimate ones. An example would be an attacker targeting a bank and registering a domain like 'www.bannkofexample.com'. At a quick glance, your customers or employees might not spot the difference, thus falling prey to the attacker's tactics.\\\\ 
-Our product enhances your defense by not only tracking domain registrations but also by monitoring SSL Transparency logs, allowing you to also detect your domain name within the subdomain part of a malicious URL. SSL Transparency logs are public records maintained by SSL providers detailing each SSL certificate issued. Scrutinizing these logs aids in unmasking potential hidden threats lurking in the subdomains. + 
-Further fortifying your cyber defense, our product integrates information from resources like PhishTank, OpenPhish and similar sources. These repositories maintain a global database of URLs reported for phishing or disseminating malware, allowing us to also detect your company or brand name within a directory of a URL.+That's where our Threat Intelligence Product steps in. It vigilantly monitors all new global domain registrations for similarities to your own. This proactive approach helps identify potential threats at their genesis, allowing you to thwart an attack before it materializes.\\\\ 
 + 
 +However, attackers can be crafty, often embedding your organization's name within a subdomain or a directory. For instance, they might use URLs like 'www.randomsite.com/yourbankname' or 'yourbankname.fakesite.org'. Such subtle incorporations are designed to exploit human oversight and amplify the attacker's success rate.\\ 
 + 
 +Our product enhances your defense by not only tracking domain registrations but also by monitoring SSL Transparency logs, allowing you to also detect your domain name within the subdomain part of a malicious URL. SSL Transparency logs are public records maintained by SSL providers detailing each SSL certificate issued. Scrutinizing these logs aids in unmasking potential hidden threats lurking in the subdomains.\\\\ 
 + 
 +Further fortifying your cyber defense, our product integrates information from resources like PhishTank, OpenPhish and similar sources. These repositories maintain a global database of URLs reported for phishing or disseminating malware, allowing us to also detect your company or brand name within a directory of a URL.\\ 
 By amalgamating these varied sources of intelligence, our product provides you with comprehensive, real-time visibility into potential cyber threats.  By amalgamating these varied sources of intelligence, our product provides you with comprehensive, real-time visibility into potential cyber threats. 
  
  
-''**PASSIVE DOMAIN RESEARCH IN EXPERT MODE**''+==== PASSIVE DOMAIN RESEARCH IN EXPERT MODE ==== 
   * [[Domain Database Search]]   * [[Domain Database Search]]
   * [[Domain Info Lookup]]   * [[Domain Info Lookup]]
   * [[Creating alerts based on your search]]   * [[Creating alerts based on your search]]
  
-''**ACTIVE DOMAIN RESEARCH**''+==== ACTIVE DOMAIN RESEARCH ==== 
 + 
 +Passive Domain monitoring involves monitoring publicly available databases of registered domains. However, since ccTLDs are not obliged to make the registered domains available to the public, entries for new domains are not found at all or with a delay of weeks. For this reason we offer additionally an active monitoring of typo-squatted domain variations. You can enter your own domain here and we will generate around 7000 variations of this domain as commonly used by hackers. This list of domains is then pro-actively monitored for active DNS entries on a daily basis. 
   * [[Domain Live Typosquatting Search]]   * [[Domain Live Typosquatting Search]]
  
-''**SSL MONITORING**''+==== SSL MONITORING ==== 
 + 
 +We monitor all SSL certificate transperency logs since many phishing websites are secured with SSL certificates to spoof the legitimate client’s name. By monitoring the certificate transparency logs that are available online, you can detect if your organization’s name gets spoofed on SSL certificates – even in the subdomain part of the domain. 
   * [[Certificate Monitoring]]   * [[Certificate Monitoring]]
  
-''**3RD PARTY PHISHING AND MALWARE REPORTS**''+==== 3RD PARTY PHISHING AND MALWARE REPORTS ==== 
   * [[Phish Feed Monitoring]]   * [[Phish Feed Monitoring]]
  
-''**SOCIAL MEDIA SPOOFING**''+==== SOCIAL MEDIA SPOOFING ==== 
   * [[Social Media Spoofing]]   * [[Social Media Spoofing]]
  
-''**MOBILE APP SPOOFING**''+==== MOBILE APP SPOOFING ==== 
   * [[App Spoofing]]   * [[App Spoofing]]
  
 ---- ----
  
-**DETECT EXPOSED CODE, SENSITIVE DATA OR VULNERABILITIES**+===== DETECT EXPOSED CODE, SENSITIVE DATA OR VULNERABILITIES ===== 
 + 
 +This feature addresses a significant and often overlooked cyber risk: sensitive data leakage. In numerous instances, developers and freelancers inadvertently deposit sensitive configurations, test data, and code into public repositories that can be anonymously accessed. This can potentially include critical data such as usernames, passwords, API keys, client details, and proprietary information about your internal infrastructure. 
 + 
 +Such exposure of sensitive data puts your organization at a heightened risk of targeted cyber attacks. Opportunistic hackers can easily scour these public repositories, acquiring valuable data that can be exploited to compromise your systems. 
 + 
 +In addition, our product also protects against the threats lurking within specialized search engines like Shodan. These platforms often expose details about potentially unsecured servers, shadow IT, and vulnerabilities within your applications. 
 + 
 +In essence, this module provides a robust solution to safeguard your organization against sensitive data leakage and targeted cyber threats, enhancing your overall cybersecurity resilience 
 + 
 +==== EXPOSED INFRASTRUCTURE OR DATA IN DEEPWEB ====
  
-''**EXPOSED INFRASTRUCTURE**'' 
   * [[Code Monitoring]]   * [[Code Monitoring]]
 +
 +Code Monitoring: Kaduu allows you to capture search terms and check their publication on publicly available Github, SourceForge, GoogleCode and other repositories. If there is a match, we publish the result with the corresponding link and allow you to automate the analysis of the results. Kaduu connects to the code sharing platforms once per day for each keyword. 
 +
   * [[Bucket Monitoring]]   * [[Bucket Monitoring]]
 +
 +Many enterprises continue to leave cloud storage buckets unprotected, even though extensive documentation is available on how to properly secure these buckets. Recent studies have shown that 1 in 5 publicly accessible buckets contained sensitive data (PII). In the past, many buckets have been widely exposed. In Kaduu, you can monitor S3 buckets, but also Azure cloud storage containers for any sensitive data related to your monitored keyword. Some of the most important S3 security risks include for example:
 +Configuration errors or failures that allow malicious users to access sensitive data in S3 buckets
 +Lack of understanding of what data is stored in S3 buckets and if protection for that specific data is adequate
 +Configuration problems that allow bad actors to upload malware to S3 buckets, and potentially create a baseline that they can use for further attacks.
 +
   * [[Public IP's and passive Vulnerability Monitoring]]   * [[Public IP's and passive Vulnerability Monitoring]]
 +
 +Passive Vulnerability Detection is a method of identifying vulnerabilities without actively interacting with the system or network being tested. This is typically done by analyzing system logs, network traffic, or other passively generated data. In case of Kaduu we query databases in the deep web that may contain data on the target. The advantage of passive vulnerability detection is that it doesn't disrupt the normal operation of the system and can be done without the target's knowledge. However, passive detection may miss some vulnerabilities that can only be detected through active interaction with the system. For the infrastructure search we need the domain (example.com and not www.example.com) as input. We thus recreate the infrastructure as a hacker will see it, without performing active scans. For all elements found, we then search the deep web again to see if any information about open ports or vulnerabilities can be found. Again, no scans take place. 
 +
   * [[Paste & Git Monitoring]]   * [[Paste & Git Monitoring]]
 +
 +Pastebin and other similar sites allow users to share text in the form of public posts called "pastes." Since the launch of Pastebin,many similar web applications called "paste sites" have developed. Pastebin sites are usually used for sharing code. However, any data in text form can also be uploaded and shared. The Pastebin search tool allows users to find relevant content based on keywords. Pastebin also relies on users to report abuse, which means non-compliant ones are rarely removed. This allows hackers to easily and anonymously penetrate data in an accessible location. Pastebin and similar websites are hosted on the Deep Web. This means that they can be viewed in a normal Internet browser, but the content is not indexed by Google and other traditional search engines. Users have to use the internal keyword search function to find specific content, or get paste links directly from other users. There are also paste sites on the dark web that offer increased anonymity via a Tor browser and are focused exclusively on illegal activities. For example, DeepPaste on the Dark Web is mainly used for advertising illegal goods or services. So, hackers use paste sites to prepare attacks or even to anonymously publish data from successful attacks. 
 +
   * [[Google Dork Monitoring]]   * [[Google Dork Monitoring]]
 +
 +Google hacking, also known as Google dorking, is the practice of using advanced operators in the Google search engine to find security vulnerabilities in websites. These operators can be used to search for specific file types, sensitive information, and other vulnerability-related information. It is often used by security researchers and hackers to find vulnerabilities in websites and networks. There are google Dork lists which can be used in combination with your domain. If any result appears in Kaduu, it means that there is a possible security vulnerability or data exposure in one of the webservices of your organisation. 
 +
   * [[URL Shortener Monitoring]]   * [[URL Shortener Monitoring]]
  
-''**EXPOSED EMPLOYEES**''+URL shortening services are online tools that take a long and complex URL and shorten it to a much shorter, more manageable length as shorter URLs are easier to remember, share, and type. However, URL shorteners can also be used maliciously by hackers to conceal the destination of a link and trick users into clicking on a malicious or phishing link. A study conducted by Cornell University found that out of 2.2 million URLs, 61% of the URLs used in phishing attacks were shortened links. But the risk is not onlylimited to hackers. Any cloud storage service and OneDrive in particular used to generate short URLs for documents and folders using the 1drv.ms domain. This is a “branded short domain” operated by Bitly and uses the same tokens as bit.ly. Searching by any cloud service domain (dropbox.com, drive.google.com), reveals a lot of downloadable files. 
 + 
 +==== EMPLOYEES EXPOSURE ==== 
   * [[E-Mail Monitoring]]   * [[E-Mail Monitoring]]
  
Line 55: Line 103:
  
  
-**FIND OUT IF SOMEONE TALKS ABOUT YOU IN THE DARKNET OR DEEPWEB**+===== FIND OUT IF SOMEONE TALKS ABOUT YOU IN THE DARKNET OR SELLS YOUR DATA ===== 
 + 
 + 
 +==== DEEP WEB AND DARKNET MENTIONING ====
  
-''**DEEP WEB AND DARKNET MENTIONING**'' 
   * [[Hacker Forum Search - Surface Web]]   * [[Hacker Forum Search - Surface Web]]
   * [[Telegram Hacker Channel Search]]   * [[Telegram Hacker Channel Search]]
Line 66: Line 116:
 ---- ----
  
-**FIND OUT IF DATA HAS BEEN LEACKED**+===== FIND OUT IF DATA HAS BEEN LEACKED IN THE PAST ===== 
 + 
 + 
 +==== LEAK SEARCH IN EXPERT MODE ====
  
-''**LEAK SEARCH IN EXPERT MODE**'' 
   * [[Leak Search]]   * [[Leak Search]]
   * [[Create Bookmarks]]   * [[Create Bookmarks]]
  
-''**CREDIT CARD SEARCH IN EXPERT MODE**''+==== CREDIT CARD SEARCH IN EXPERT MODE ==== 
   * [[Credit Card Search]]   * [[Credit Card Search]]
  
-''**BOTNET SEARCH**''+==== BOTNET SEARCH ==== 
   * [[Bot Search]]   * [[Bot Search]]
  
-''**RANSOMWARE MONITORING**''+==== RANSOMWARE MONITORING ==== 
   * [[Ransomware Site Monitoring]]   * [[Ransomware Site Monitoring]]
  
Line 96: Line 151:
  
 **ACCESS & EXPORT DATA** **ACCESS & EXPORT DATA**
 +  * [[How to get to the data in Kaduu - Introduction]] 
   * [[Export to CSV, XML etc]]    * [[Export to CSV, XML etc]] 
   * [[Create MS-Word based report (.Docx)]]   * [[Create MS-Word based report (.Docx)]]
Line 113: Line 169:
   * [[Can you search for more than one keyword at the same time?]]    * [[Can you search for more than one keyword at the same time?]] 
   * [[Simple vs Expert Mode]]   * [[Simple vs Expert Mode]]
 +  * [[Risk classifications]]
 +  * [[What are the meanings of the different date fields?]]
 +  * [[What is the difference between live and DB search?]]
 +
 +
 +**CENTRAL API**
  
 +* [[Darknet and Deepweb Risk Score]]  
  
start.1685895063.txt.gz · Last modified: 2023/06/04 18:11 by kaduuwikiadmin

Page Tools

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki