OSINT and External Vulnerability Assessment

Why OSINT?

Understand your organization's digital footprint from an attacker’s perspective. We use advanced OSINT techniques to discover sensitive information about your company, employees, and technology that is publicly available. From that information, we assess what your company is or could be vulnerable to. This intelligence provides critical context for your defensive strategy and helps you reduce your attack surface.

Gathering Information

First, we gather a list of applicable hostnames and IPs. We then use those to map the attack surface of your external network. We use publicly available information and open-source intelligence databases, along with a mix of automated and manual review techniques, to discover outdated software, dependencies, known public exploits, and other potential vulnerabilities.

This phase establishes a foundation for subsequent phases, ensuring that our assessment captures a broad yet detailed picture of your environment.

Validating Each Vulnerability

After we have analyzed your external footprint, we validate each vulnerability we find using public and proprietary exploitation techniques. This ensures we have accurately identified and categorized each vulnerability and its risk, so false positives are not reported. We do not perform DDoS or damaging exploitation techniques as part of this validation. Once validated, vulnerabilities, additional findings, affected endpoints, and affected assets are consolidated into a detailed, actionable report.

Vulnerability Report

Each report consists of a high-level vulnerability summary, vulnerability validation steps so your team knows how to reproduce each finding, and actionable remediation items so you can resolve the identified vulnerabilities as quickly as possible. Where applicable, remediations will also include source-level mitigations that your team can review and implement.

Ready to Begin?

Contact us