In this second post on the Exposure Assessment topic we start from the end!
We have just put into production, within our OSINT & Cyber Threat Intelligence platform SATAYO, an internal search engine that aims to simplify searching for evidence within the platform itself. This development has been particularly requested by the organizations monitored within the platform that manage a large number of internet domains.
SATAYO aims to search for information relating to an organization, within the Surface, Deep & Dark Web, starting from these input elements: the organization’s internet domains and some keywords (typically names of services and products, names of top management figures in the organization and so on).
The phrase that best describes the goal of our platform is:
Discover the attack surface, keep it monitored, and manage the exposed data over time. React proactively in order to avoid exploits.
These are some of the objects that the SATAYO platform allows you to discover:
This allows us to recover an impressive amount of information for any domain!
So we have decided to simplify the work of those who, within a SOC (Security Operations Center) or directly within individual organizations, have the goal of implementing the mitigations or remedies suggested within SATAYO.
As mentioned at the beginning of the post, we have developed an internal search engine. At this time it allows you to search, across all the evidence discovered by SATAYO for all the domains of an organization, for these elements: IP addresses, hostnames, email accounts, CVEs (Common Vulnerabilities and Exposures), and the name of a data breach.
The search bar has been positioned at the top right and suggests searchable items.
For example, if you want to check whether any of the services exposed by your organization are affected by a specific vulnerability, you can search for its CVE identifier (in the format CVE-yyyy-xxxxx). In this regard, it may be useful to know which remotely exploitable vulnerabilities have been most exploited by attackers in recent months (source: https://us-cert.cisa.gov/ncas/alerts/aa21-209a):
| Vendor | CVE | Vulnerability type |
|---|---|---|
| Citrix | CVE-2019-19781 | arbitrary code execution |
| Pulse | CVE-2019-11510 | arbitrary file reading |
| Fortinet | CVE-2018-13379 | path traversal |
| F5 BIG-IP | CVE-2020-5902 | remote code execution (RCE) |
| Microsoft | CVE-2020-0787 | elevation of privilege |
| Microsoft | CVE-2020-1472 | elevation of privilege |
If, on the other hand, you want to know whether any of your organization's email accounts are exposed in a specific data breach, simply type its name in the search box. Here you can see an example of a search for a well-known data breach, that of the Canva service:
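As an added illustration (not part of the original post and not SATAYO's own code), the following Python sketch shows how a search of this kind can recognise the five searchable element types, normalise spellings such as "CVE 2019-11510" versus "CVE-2019-11510", and return the monitored domains where the evidence was found. The evidence list, domains and addresses are constructed placeholders.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample evidence (placeholders, not real SATAYO findings):
EVIDENCE = [  # (monitored domain, evidence type, value)
    ("example.com", "hostname", "vpn.example.com"),
    ("example.com", "ip", "203.0.113.10"),
    ("example.com", "cve", "CVE-2019-11510"),
    ("example.com", "email", "alice@example.com"),
    ("example.com", "breach", "Canva"),
    ("example.org", "breach", "Canva"),
]
CVE_RE = re.compile(r"^CVE[-\s]?(\d{4})[-\s](\d{4,})$", re.IGNORECASE)
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")
HOST_RE = re.compile(r"^([a-z0-9-]{1,63}\.)+[a-z]{2,63}\.?$", re.IGNORECASE)

def classify(query):
    """Guess which of the five evidence types a free-text query refers to."""
    q = query.strip()
    if CVE_RE.match(q):
        return "cve"
    try:
        ipaddress.ip_address(q)
        return "ip"
    except ValueError:
        pass
    if EMAIL_RE.match(q):
        return "email"
    if HOST_RE.match(q):
        return "hostname"
    return "breach"  # anything else is treated as a breach name

def normalize(etype, value):
    """Canonical key, so 'CVE 2019-11510' and 'cve-2019-11510' collide."""
    if etype == "cve":
        m = CVE_RE.match(value.strip())
        return f"CVE-{m.group(1)}-{m.group(2)}"
    if etype == "ip":
        return str(ipaddress.ip_address(value.strip()))
    return value.strip().lower().rstrip(".")

def search(index, query):
    """Return the detected type and the sorted domains holding a match."""
    etype = classify(query)
    return etype, sorted(index.get((etype, normalize(etype, query)), set()))

INDEX = defaultdict(set)  # (type, canonical value) -> domains where found
for domain, etype, value in EVIDENCE:
    INDEX[(etype, normalize(etype, value))].add(domain)
```

A search for "canva" therefore returns both monitored domains, while a CVE absent from the evidence returns an empty list for that type.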
In the coming weeks we will index additional types of data, with the aim of making our users' work increasingly easy!