Differences

This shows you the differences between two versions of the page.

start [2023/06/06 12:05]
kaduuwikiadmin
start [2025/04/14 11:22] (current)
kaduuwikiadmin [RANSOMWARE MONITORING]
Line 32: Line 32:
  
 ==== ACTIVE DOMAIN RESEARCH ==== ==== ACTIVE DOMAIN RESEARCH ====
 +
 +Passive Domain monitoring involves monitoring publicly available databases of registered domains. However, since ccTLDs are not obliged to make the registered domains available to the public, entries for new domains are not found at all or with a delay of weeks. For this reason we offer additionally an active monitoring of typo-squatted domain variations. You can enter your own domain here and we will generate around 7000 variations of this domain as commonly used by hackers. This list of domains is then pro-actively monitored for active DNS entries on a daily basis.
  
   * [[Domain Live Typosquatting Search]]   * [[Domain Live Typosquatting Search]]
  
 ==== SSL MONITORING ==== ==== SSL MONITORING ====
 +
 +We monitor all SSL certificate transperency logs since many phishing websites are secured with SSL certificates to spoof the legitimate client’s name. By monitoring the certificate transparency logs that are available online, you can detect if your organization’s name gets spoofed on SSL certificates – even in the subdomain part of the domain.
  
   * [[Certificate Monitoring]]   * [[Certificate Monitoring]]
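Review bot: "transperency" in the added SSL MONITORING paragraph should be "transparency" (the same paragraph spells it correctly one sentence later), and "spoof the legitimate client's name" reads as though the certificate impersonates a client; since the following sentence is about the organization's name appearing in a certificate or subdomain, "the legitimate organization's name" says what is meant. In the ACTIVE DOMAIN RESEARCH paragraph, "Passive Domain monitoring" should be lowercased to match "active monitoring" later in the same sentence block.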
Line 67: Line 71:
   * [[Code Monitoring]]   * [[Code Monitoring]]
  
-Code Monitoring: Kaduu allows you to capture search terms and check their publication on publicly available Github, SourceForge, GoogleCode and other repositories. If there is a match, we publish the result with the corresponding link and allow you to automate the analysis of the results. Kaduu connects to the code sharing platforms once per day for each keyword.  Any code sharing server can introduce a number of security risks for an organization, including:+Code Monitoring: Kaduu allows you to capture search terms and check their publication on publicly available Github, SourceForge, GoogleCode and other repositories. If there is a match, we publish the result with the corresponding link and allow you to automate the analysis of the results. Kaduu connects to the code sharing platforms once per day for each keyword. 
  
-Data leakage: If an organization uses a code sharing software to store sensitive data, such as source code, login credentials, or customer data, there is a risk that this data may be accidentally leaked through a misconfigured repository or a compromised account.+  * [[Bucket Monitoring]]
  
-Insider threats: If an organization uses a code sharing softwareto collaborate on projectsthere is a risk that an employee or contractor may intentionally or accidentally cause a data breach, for example by committing sensitive information to a public repository.+Many enterprises continue to leave cloud storage buckets unprotectedeven though extensive documentation is available on how to properly secure these buckets. Recent studies have shown that 1 in 5 publicly accessible buckets contained sensitive data (PII). In the pastmany buckets have been widely exposed. In Kaduu, you can monitor S3 buckets, but also Azure cloud storage containers for any sensitive data related to your monitored keyword. Some of the most important S3 security risks include for example
 +Configuration errors or failures that allow malicious users to access sensitive data in S3 buckets 
 +Lack of understanding of what data is stored in S3 buckets and if protection for that specific data is adequate 
 +Configuration problems that allow bad actors to upload malware to S3 buckets, and potentially create baseline that they can use for further attacks.
  
-Third-party risks: If an organization uses a code sharing software to collaborate with third-party vendors or open-source contributors, there is a risk that a malicious actor may use this access to gain unauthorized access to an organization'data or systems.+  * [[Public IP'and passive Vulnerability Monitoring]]
  
-Malicious code injection: If an organization uses a code sharing software to manage their software development, there is a risk that a malicious actor may inject malicious code into the repositorywhich can then be executed on the organizations systems.+Passive Vulnerability Detection is a method of identifying vulnerabilities without actively interacting with the system or network being tested. This is typically done by analyzing system logs, network traffic, or other passively generated data. In case of Kaduu we query databases in the deep web that may contain data on the target. The advantage of passive vulnerability detection is that it doesn't disrupt the normal operation of the system and can be done without the target's knowledge. Howeverpassive detection may miss some vulnerabilities that can only be detected through active interaction with the system. For the infrastructure search we need the domain (example.com and not www.example.com) as input. We thus recreate the infrastructure as a hacker will see it, without performing active scans. For all elements found, we then search the deep web again to see if any information about open ports or vulnerabilities can be found. Again, no scans take place
  
-Phishing and Social engineering: code sharing servers are widely used for software development and many developers are active on it. Hackers may use phishing and social engineering tactics to gain access to organization's sensitive information.+  * [[Paste & Git Monitoring]]
  
-Compromised dependencies: If an organization uses open-source libraries, they may be unknowingly importing compromised dependency into their codebase.+Pastebin and other similar sites allow users to share text in the form of public posts called "pastes." Since the launch of Pastebin,many similar web applications called "paste sites" have developed. Pastebin sites are usually used for sharing code. However, any data in text form can also be uploaded and shared. The Pastebin search tool allows users to find relevant content based on keywords. Pastebin also relies on users to report abuse, which means non-compliant ones are rarely removed. This allows hackers to easily and anonymously penetrate data in an accessible location. Pastebin and similar websites are hosted on the Deep Web. This means that they can be viewed in normal Internet browser, but the content is not indexed by Google and other traditional search engines. Users have to use the internal keyword search function to find specific content, or get paste links directly from other users. There are also paste sites on the dark web that offer increased anonymity via a Tor browser and are focused exclusively on illegal activities. For example, DeepPaste on the Dark Web is mainly used for advertising illegal goods or services. So, hackers use paste sites to prepare attacks or even to anonymously publish data from successful attacks
  
-Google Dork Monitoring: Google hacking, a +  * [[Google Dork Monitoring]]
- +
-Sensitive information: Google hacking can be used to search for sensitive information such as credit card numbers, social security numbers, and login credentials that may have been accidentally exposed on a website. +
- +
-Vulnerable files and directories: Advanced operators can be used to search for specific file types, such as .php or .asp, that may indicate a vulnerability in a website's code. +
- +
-Misconfigured servers: Google hacking can be used to search for servers that have been misconfigured, such as those that have directory listing enabled, which can reveal sensitive information about the server and its contents. +
- +
-Backdoors: Google hacking can be used to search for backdoors, which are small programs that can be used to gain unauthorized access to a system. +
- +
-Open ports: Google hacking can be used to search for open ports on a network, which can indicate a vulnerability that can be exploited by attackers.+
  
-Exposed databases: Google hacking can also be used to search for exposed databaseswhich can contain sensitive information such as customer datafinancial information, etc+Google hackingalso known as Google dorking, is the practice of using advanced operators in the Google search engine to find security vulnerabilities in websites. These operators can be used to search for specific file types, sensitive information, and other vulnerability-related information. It is often used by security researchers and hackers to find vulnerabilities in websites and networks. There are google Dork lists which can be used in combination with your domain. If any result appears in Kaduuit means that there is a possible security vulnerability or data exposure in one of the webservices of your organisation. 
  
-  * [[Bucket Monitoring]] 
-  * [[Public IP's and passive Vulnerability Monitoring]] 
-  * [[Paste & Git Monitoring]] 
-  * [[Google Dork Monitoring]] 
   * [[URL Shortener Monitoring]]   * [[URL Shortener Monitoring]]
 +
 +URL shortening services are online tools that take a long and complex URL and shorten it to a much shorter, more manageable length as shorter URLs are easier to remember, share, and type. However, URL shorteners can also be used maliciously by hackers to conceal the destination of a link and trick users into clicking on a malicious or phishing link. A study conducted by Cornell University found that out of 2.2 million URLs, 61% of the URLs used in phishing attacks were shortened links. But the risk is not onlylimited to hackers. Any cloud storage service and OneDrive in particular used to generate short URLs for documents and folders using the 1drv.ms domain. This is a “branded short domain” operated by Bitly and uses the same tokens as bit.ly. Searching by any cloud service domain (dropbox.com, drive.google.com), reveals a lot of downloadable files.
  
 ==== EMPLOYEES EXPOSURE ==== ==== EMPLOYEES EXPOSURE ====
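Review bot: the rewritten link `[[Public IP'and passive Vulnerability Monitoring]]` no longer matches the removed entry `[[Public IP's and passive Vulnerability Monitoring]]` from the old list in this same hunk, so unless the target page was renamed this will be a dangling link; the same dropped-character pattern appears in several added sentences ("unprotectedeven", "In the pastmany", "Howeverpassive", "Kaduuit", "hackingalso", "onlylimited") and these should be re-read for missing letters and spaces before publishing. The three S3 risk lines that follow "include for example" are plain text; mark them up with the page's `  * ` bullets so they render as list items rather than one run-on block, and close the passive-vulnerability paragraph with a full stop after "no scans take place". The "1 in 5 publicly accessible buckets" and "61% of the URLs used in phishing attacks" figures are presented as study findings with no citation; link the sources so readers can check them.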
Line 156: Line 151:
  
 **ACCESS & EXPORT DATA** **ACCESS & EXPORT DATA**
 +  * [[How to get to the data in Kaduu - Introduction]] 
   * [[Export to CSV, XML etc]]    * [[Export to CSV, XML etc]] 
   * [[Create MS-Word based report (.Docx)]]   * [[Create MS-Word based report (.Docx)]]
Line 173: Line 169:
   * [[Can you search for more than one keyword at the same time?]]    * [[Can you search for more than one keyword at the same time?]] 
   * [[Simple vs Expert Mode]]   * [[Simple vs Expert Mode]]
 +  * [[Risk classifications]]
 +  * [[What are the meanings of the different date fields?]]
 +  * [[What is the difference between live and DB search?]]
 +
 +
 +**CENTRAL API**
  
 +* [[Darknet and Deepweb Risk Score]]  
  
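Review bot: the added `* [[Darknet and Deepweb Risk Score]]` under **CENTRAL API** is indented with a single space, unlike the `  * [[...]]` items elsewhere in this hunk; DokuWiki only treats a line as a list item when it starts with at least two spaces, so as written this renders as a literal asterisk followed by the link. The two empty `+` lines before **CENTRAL API** could also be reduced to one to match the spacing used before **ACCESS & EXPORT DATA** in the previous hunk.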
start.1686045948.txt.gz · Last modified: 2023/06/06 12:05 by kaduuwikiadmin