Table of Contents

MAIN WIKI KADUU.IO

Welcome to Kaduu Wiki. Kaduu is a SaaS based platform offering Darknet & Deep Web monitoring. You can find more information about the product here https://kaduu.io. Please find below technical articles about our various features. If you have any questions, please contact support@kaduu.io.


FUNCTIONALITY:PREVENT ATTACKS

In today's interconnected world, organizations are prime targets for cyberattacks, with phishing and malware attacks being among the most prevalent. Early detection is key, and our Threat Intelligence Product enables precisely that.\\

Cyber attackers often employ strategies like typo squatting, a tactic where they register domains that closely resemble legitimate ones. An example would be an attacker targeting a bank and registering a domain like 'www.bannkofexample.com'. At a quick glance, your customers or employees might not spot the difference, thus falling prey to the attacker's tactics.\\

That's where our Threat Intelligence Product steps in. It vigilantly monitors all new global domain registrations for similarities to your own. This proactive approach helps identify potential threats at their genesis, allowing you to thwart an attack before it materializes.\\

However, attackers can be crafty, often embedding your organization's name within a subdomain or a directory. For instance, they might use URLs like 'www.randomsite.com/yourbankname' or 'yourbankname.fakesite.org'. Such subtle incorporations are designed to exploit human oversight and amplify the attacker's success rate.

Our product enhances your defense by not only tracking domain registrations but also by monitoring SSL Transparency logs, allowing you to also detect your domain name within the subdomain part of a malicious URL. SSL Transparency logs are public records maintained by SSL providers detailing each SSL certificate issued. Scrutinizing these logs aids in unmasking potential hidden threats lurking in the subdomains.\\

Further fortifying your cyber defense, our product integrates information from resources like PhishTank, OpenPhish and similar sources. These repositories maintain a global database of URLs reported for phishing or disseminating malware, allowing us to also detect your company or brand name within a directory of a URL.

By amalgamating these varied sources of intelligence, our product provides you with comprehensive, real-time visibility into potential cyber threats.

PASSIVE DOMAIN RESEARCH IN EXPERT MODE

ACTIVE DOMAIN RESEARCH

Passive Domain monitoring involves monitoring publicly available databases of registered domains. However, since ccTLDs are not obliged to make the registered domains available to the public, entries for new domains are not found at all or with a delay of weeks. For this reason we offer additionally an active monitoring of typo-squatted domain variations. You can enter your own domain here and we will generate around 7000 variations of this domain as commonly used by hackers. This list of domains is then pro-actively monitored for active DNS entries on a daily basis.

SSL MONITORING

We monitor all SSL certificate transperency logs since many phishing websites are secured with SSL certificates to spoof the legitimate client’s name. By monitoring the certificate transparency logs that are available online, you can detect if your organization’s name gets spoofed on SSL certificates – even in the subdomain part of the domain.

3RD PARTY PHISHING AND MALWARE REPORTS

SOCIAL MEDIA SPOOFING

MOBILE APP SPOOFING


DETECT EXPOSED CODE, SENSITIVE DATA OR VULNERABILITIES

This feature addresses a significant and often overlooked cyber risk: sensitive data leakage. In numerous instances, developers and freelancers inadvertently deposit sensitive configurations, test data, and code into public repositories that can be anonymously accessed. This can potentially include critical data such as usernames, passwords, API keys, client details, and proprietary information about your internal infrastructure.

Such exposure of sensitive data puts your organization at a heightened risk of targeted cyber attacks. Opportunistic hackers can easily scour these public repositories, acquiring valuable data that can be exploited to compromise your systems.

In addition, our product also protects against the threats lurking within specialized search engines like Shodan. These platforms often expose details about potentially unsecured servers, shadow IT, and vulnerabilities within your applications.

In essence, this module provides a robust solution to safeguard your organization against sensitive data leakage and targeted cyber threats, enhancing your overall cybersecurity resilience

EXPOSED INFRASTRUCTURE OR DATA IN DEEPWEB

Code Monitoring: Kaduu allows you to capture search terms and check their publication on publicly available Github, SourceForge, GoogleCode and other repositories. If there is a match, we publish the result with the corresponding link and allow you to automate the analysis of the results. Kaduu connects to the code sharing platforms once per day for each keyword.

Many enterprises continue to leave cloud storage buckets unprotected, even though extensive documentation is available on how to properly secure these buckets. Recent studies have shown that 1 in 5 publicly accessible buckets contained sensitive data (PII). In the past, many buckets have been widely exposed. In Kaduu, you can monitor S3 buckets, but also Azure cloud storage containers for any sensitive data related to your monitored keyword. Some of the most important S3 security risks include for example: Configuration errors or failures that allow malicious users to access sensitive data in S3 buckets Lack of understanding of what data is stored in S3 buckets and if protection for that specific data is adequate Configuration problems that allow bad actors to upload malware to S3 buckets, and potentially create a baseline that they can use for further attacks.

Passive Vulnerability Detection is a method of identifying vulnerabilities without actively interacting with the system or network being tested. This is typically done by analyzing system logs, network traffic, or other passively generated data. In case of Kaduu we query databases in the deep web that may contain data on the target. The advantage of passive vulnerability detection is that it doesn't disrupt the normal operation of the system and can be done without the target's knowledge. However, passive detection may miss some vulnerabilities that can only be detected through active interaction with the system. For the infrastructure search we need the domain (example.com and not www.example.com) as input. We thus recreate the infrastructure as a hacker will see it, without performing active scans. For all elements found, we then search the deep web again to see if any information about open ports or vulnerabilities can be found. Again, no scans take place.

Pastebin and other similar sites allow users to share text in the form of public posts called "pastes." Since the launch of Pastebin,many similar web applications called "paste sites" have developed. Pastebin sites are usually used for sharing code. However, any data in text form can also be uploaded and shared. The Pastebin search tool allows users to find relevant content based on keywords. Pastebin also relies on users to report abuse, which means non-compliant ones are rarely removed. This allows hackers to easily and anonymously penetrate data in an accessible location. Pastebin and similar websites are hosted on the Deep Web. This means that they can be viewed in a normal Internet browser, but the content is not indexed by Google and other traditional search engines. Users have to use the internal keyword search function to find specific content, or get paste links directly from other users. There are also paste sites on the dark web that offer increased anonymity via a Tor browser and are focused exclusively on illegal activities. For example, DeepPaste on the Dark Web is mainly used for advertising illegal goods or services. So, hackers use paste sites to prepare attacks or even to anonymously publish data from successful attacks.

Google hacking, also known as Google dorking, is the practice of using advanced operators in the Google search engine to find security vulnerabilities in websites. These operators can be used to search for specific file types, sensitive information, and other vulnerability-related information. It is often used by security researchers and hackers to find vulnerabilities in websites and networks. There are google Dork lists which can be used in combination with your domain. If any result appears in Kaduu, it means that there is a possible security vulnerability or data exposure in one of the webservices of your organisation.

URL shortening services are online tools that take a long and complex URL and shorten it to a much shorter, more manageable length as shorter URLs are easier to remember, share, and type. However, URL shorteners can also be used maliciously by hackers to conceal the destination of a link and trick users into clicking on a malicious or phishing link. A study conducted by Cornell University found that out of 2.2 million URLs, 61% of the URLs used in phishing attacks were shortened links. But the risk is not onlylimited to hackers. Any cloud storage service and OneDrive in particular used to generate short URLs for documents and folders using the 1drv.ms domain. This is a “branded short domain” operated by Bitly and uses the same tokens as bit.ly. Searching by any cloud service domain (dropbox.com, drive.google.com), reveals a lot of downloadable files.

EMPLOYEES EXPOSURE


FIND OUT IF SOMEONE TALKS ABOUT YOU IN THE DARKNET OR SELLS YOUR DATA

DEEP WEB AND DARKNET MENTIONING


FIND OUT IF DATA HAS BEEN LEACKED IN THE PAST

LEAK SEARCH IN EXPERT MODE

CREDIT CARD SEARCH IN EXPERT MODE

RANSOMWARE MONITORING


COMPARE THE DATA

——–

ALERTS


ACCESS & EXPORT DATA


SETUP OPTIONS


GENERAL TOPICS