My DokuWiki

User Tools

Site Tools

Trace:
start

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
start [2023/06/06 11:34]
kaduuwikiadmin 		start [2025/04/14 11:22] (current)
kaduuwikiadmin [RANSOMWARE MONITORING]
Line 32: Line 32:
  
 ==== ACTIVE DOMAIN RESEARCH ==== ==== ACTIVE DOMAIN RESEARCH ====
 +
 +Passive Domain monitoring involves monitoring publicly available databases of registered domains. However, since ccTLDs are not obliged to make the registered domains available to the public, entries for new domains are not found at all or with a delay of weeks. For this reason we offer additionally an active monitoring of typo-squatted domain variations. You can enter your own domain here and we will generate around 7000 variations of this domain as commonly used by hackers. This list of domains is then pro-actively monitored for active DNS entries on a daily basis.
  
   * [[Domain Live Typosquatting Search]]   * [[Domain Live Typosquatting Search]]
  
 ==== SSL MONITORING ==== ==== SSL MONITORING ====
 +
 +We monitor all SSL certificate transperency logs since many phishing websites are secured with SSL certificates to spoof the legitimate client’s name. By monitoring the certificate transparency logs that are available online, you can detect if your organization’s name gets spoofed on SSL certificates – even in the subdomain part of the domain.
  
   * [[Certificate Monitoring]]   * [[Certificate Monitoring]]
Line 55: Line 59:
 ===== DETECT EXPOSED CODE, SENSITIVE DATA OR VULNERABILITIES ===== ===== DETECT EXPOSED CODE, SENSITIVE DATA OR VULNERABILITIES =====
  
 +This feature addresses a significant and often overlooked cyber risk: sensitive data leakage. In numerous instances, developers and freelancers inadvertently deposit sensitive configurations, test data, and code into public repositories that can be anonymously accessed. This can potentially include critical data such as usernames, passwords, API keys, client details, and proprietary information about your internal infrastructure.
  
-==== EXPOSED INFRASTRUCTURE OR DATA IN DEEPWEB ====+Such exposure of sensitive data puts your organization at a heightened risk of targeted cyber attacks. Opportunistic hackers can easily scour these public repositories, acquiring valuable data that can be exploited to compromise your systems.
  
 +In addition, our product also protects against the threats lurking within specialized search engines like Shodan. These platforms often expose details about potentially unsecured servers, shadow IT, and vulnerabilities within your applications.
 +
 +In essence, this module provides a robust solution to safeguard your organization against sensitive data leakage and targeted cyber threats, enhancing your overall cybersecurity resilience
 +
 +==== EXPOSED INFRASTRUCTURE OR DATA IN DEEPWEB ====
  
   * [[Code Monitoring]]   * [[Code Monitoring]]
 +
 +Code Monitoring: Kaduu allows you to capture search terms and check their publication on publicly available Github, SourceForge, GoogleCode and other repositories. If there is a match, we publish the result with the corresponding link and allow you to automate the analysis of the results. Kaduu connects to the code sharing platforms once per day for each keyword. 
 +
   * [[Bucket Monitoring]]   * [[Bucket Monitoring]]
 +
 +Many enterprises continue to leave cloud storage buckets unprotected, even though extensive documentation is available on how to properly secure these buckets. Recent studies have shown that 1 in 5 publicly accessible buckets contained sensitive data (PII). In the past, many buckets have been widely exposed. In Kaduu, you can monitor S3 buckets, but also Azure cloud storage containers for any sensitive data related to your monitored keyword. Some of the most important S3 security risks include for example:
 +Configuration errors or failures that allow malicious users to access sensitive data in S3 buckets
 +Lack of understanding of what data is stored in S3 buckets and if protection for that specific data is adequate
 +Configuration problems that allow bad actors to upload malware to S3 buckets, and potentially create a baseline that they can use for further attacks.
 +
   * [[Public IP's and passive Vulnerability Monitoring]]   * [[Public IP's and passive Vulnerability Monitoring]]
 +
 +Passive Vulnerability Detection is a method of identifying vulnerabilities without actively interacting with the system or network being tested. This is typically done by analyzing system logs, network traffic, or other passively generated data. In case of Kaduu we query databases in the deep web that may contain data on the target. The advantage of passive vulnerability detection is that it doesn't disrupt the normal operation of the system and can be done without the target's knowledge. However, passive detection may miss some vulnerabilities that can only be detected through active interaction with the system. For the infrastructure search we need the domain (example.com and not www.example.com) as input. We thus recreate the infrastructure as a hacker will see it, without performing active scans. For all elements found, we then search the deep web again to see if any information about open ports or vulnerabilities can be found. Again, no scans take place. 
 +
   * [[Paste & Git Monitoring]]   * [[Paste & Git Monitoring]]
 +
 +Pastebin and other similar sites allow users to share text in the form of public posts called "pastes." Since the launch of Pastebin,many similar web applications called "paste sites" have developed. Pastebin sites are usually used for sharing code. However, any data in text form can also be uploaded and shared. The Pastebin search tool allows users to find relevant content based on keywords. Pastebin also relies on users to report abuse, which means non-compliant ones are rarely removed. This allows hackers to easily and anonymously penetrate data in an accessible location. Pastebin and similar websites are hosted on the Deep Web. This means that they can be viewed in a normal Internet browser, but the content is not indexed by Google and other traditional search engines. Users have to use the internal keyword search function to find specific content, or get paste links directly from other users. There are also paste sites on the dark web that offer increased anonymity via a Tor browser and are focused exclusively on illegal activities. For example, DeepPaste on the Dark Web is mainly used for advertising illegal goods or services. So, hackers use paste sites to prepare attacks or even to anonymously publish data from successful attacks. 
 +
   * [[Google Dork Monitoring]]   * [[Google Dork Monitoring]]
 +
 +Google hacking, also known as Google dorking, is the practice of using advanced operators in the Google search engine to find security vulnerabilities in websites. These operators can be used to search for specific file types, sensitive information, and other vulnerability-related information. It is often used by security researchers and hackers to find vulnerabilities in websites and networks. There are google Dork lists which can be used in combination with your domain. If any result appears in Kaduu, it means that there is a possible security vulnerability or data exposure in one of the webservices of your organisation. 
 +
   * [[URL Shortener Monitoring]]   * [[URL Shortener Monitoring]]
 +
 +URL shortening services are online tools that take a long and complex URL and shorten it to a much shorter, more manageable length as shorter URLs are easier to remember, share, and type. However, URL shorteners can also be used maliciously by hackers to conceal the destination of a link and trick users into clicking on a malicious or phishing link. A study conducted by Cornell University found that out of 2.2 million URLs, 61% of the URLs used in phishing attacks were shortened links. But the risk is not onlylimited to hackers. Any cloud storage service and OneDrive in particular used to generate short URLs for documents and folders using the 1drv.ms domain. This is a “branded short domain” operated by Bitly and uses the same tokens as bit.ly. Searching by any cloud service domain (dropbox.com, drive.google.com), reveals a lot of downloadable files.
  
 ==== EMPLOYEES EXPOSURE ==== ==== EMPLOYEES EXPOSURE ====
Line 121: Line 151:
  
 **ACCESS & EXPORT DATA** **ACCESS & EXPORT DATA**
 +  * [[How to get to the data in Kaduu - Introduction]] 
   * [[Export to CSV, XML etc]]    * [[Export to CSV, XML etc]] 
   * [[Create MS-Word based report (.Docx)]]   * [[Create MS-Word based report (.Docx)]]
Line 138: Line 169:
   * [[Can you search for more than one keyword at the same time?]]    * [[Can you search for more than one keyword at the same time?]] 
   * [[Simple vs Expert Mode]]   * [[Simple vs Expert Mode]]
 +  * [[Risk classifications]]
 +  * [[What are the meanings of the different date fields?]]
 +  * [[What is the difference between live and DB search?]]
 +
 +
 +**CENTRAL API**
  
 +* [[Darknet and Deepweb Risk Score]]  
  
start.1686044066.txt.gz · Last modified: 2023/06/06 11:34 by kaduuwikiadmin

Page Tools

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki