
Threat Hunting Case Study: FileFix
FileFix bypasses Mark of the Web (MotW) protections by hijacking the Windows File Explorer address bar. Here is how to hunt for it.

In this post, SpiderFoot founder and CEO Steve Micallef talks about the importance of leveraging a broad spectrum of OSINT for managing your attack surface:
…when determining the attackable surface of an organization, we must not only care about externally exposed assets, but also externally exposed information relevant to that organization. Such information (OSINT) can be used by attackers to mount social engineering attacks, spear-phishing attacks, gain access to critical assets sitting outside the traditional network perimeter or simply get more efficient about what assets they should seek out once inside.

Gentlemen ransomware uses credential abuse, defense evasion, and double extortion tactics to compromise enterprise environments and increase pressure on victims.

TeamPCP is exploiting trusted npm and PyPI packages to compromise developer environments, steal credentials, and extend attacks across software supply chains.