Quickly mapping an organisation's attack surface is an essential skill for network attackers (penetration testers, bug bounty hunters or Mr Robot) as well as those who are defending the network (network security folks, system administrators, blue teams, etc.).
A detailed footprint of an organisation's Internet-facing systems is a tactical resource that can be used by both attackers and defenders. By developing an understanding of the attack surface, skilled security analysts are able to quickly identify its weak areas.
Discovered assets such as old servers, custom web applications and forgotten services are often the first crumbs in a trail that leads to a compromise.
Attack Surface Discovery is Time Critical
The Blue Team needs to understand the tactics that penetration testers and bug bounty hunters are using to map the attack surface. These tactics simulate those employed by targeted attackers. By quickly identifying weak areas in your attack surface, you can prioritise mitigation to defend those systems and applications.
Penetration Testers need to quickly identify the weak spots so that they can gain access and ensure that the engagement is successful. A penetration test is time constrained, so the faster the areas to attack are identified, the more likely the test will be a success.
Bug Bounty Hunters need to quickly identify weak spots to find the bugs and get the bounty. Since a hunter is competing against others in the race to find bugs, being faster can often mean getting paid. This is not to say that more involved, deeper bug discoveries do not take time to develop, but quick wins give you time to go for more.
Footprinting a Domain is an Iterative Process
After working through the process of footprinting a domain, you will quickly realise that it is a cyclic process. The output from searching against the domain provides new inputs into the same domain search process. This can go on for quite some time, with both time and scope being factors in the value of continuing the discovery.
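The cyclic process above can be modelled as a worklist that feeds each round's findings back in as inputs and stops on a scope check and a round limit. This is an added example, not code from the original page: the hostnames, the `RECORDS` table and the function names are constructed for illustration, and `lookup` stands in for whatever data source an asset inventory uses.

```python
from collections import deque

# Constructed sample data (not real records): each hostname maps to the names
# its DNS records or certificates reference. example.* and .test are reserved.
RECORDS = {
    "example.com": ["www.example.com", "mail.example.com", "ns1.example.net"],
    "www.example.com": ["cdn.example.net", "legacy.example.com"],
    "mail.example.com": ["mx.thirdparty.test"],
    "legacy.example.com": ["old-app.example.com"],
    "old-app.example.com": ["example.com"],  # loops back to the seed
    "ns1.example.net": ["ns2.example.net"],
}

def lookup_constructed(host):
    """Hypothetical data source backed by the constructed table above."""
    return RECORDS.get(host, [])

def in_scope(host, scope):
    """True if host equals, or is a subdomain of, an in-scope domain."""
    return any(host == d or host.endswith("." + d) for d in scope)

def footprint(seed, scope, lookup, max_rounds=5):
    """Return ({in-scope asset: round found}, {out-of-scope names seen})."""
    found = {seed: 0}
    out_of_scope = set()
    queue = deque([(seed, 0)])
    while queue:
        host, rnd = queue.popleft()
        if rnd >= max_rounds:  # time budget reached: stop expanding
            continue
        for name in lookup(host):
            name = name.lower().rstrip(".")
            if name in found:  # already known, so the cycle ends here
                continue
            if not in_scope(name, scope):
                out_of_scope.add(name)  # record it, but never expand it
                continue
            found[name] = rnd + 1  # this output becomes a new input
            queue.append((name, rnd + 1))
    return found, out_of_scope

if __name__ == "__main__":
    assets, skipped = footprint("example.com", {"example.com"}, lookup_constructed)
    for host, rnd in sorted(assets.items(), key=lambda kv: kv[1]):
        print(rnd, host)
    print("out of scope, not expanded:", sorted(skipped))
```

Widening `scope` or raising `max_rounds` changes how far the loop runs, which is the time and scope trade-off described above.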