If you’re a large organization, hiring a Cyber security firm to audit your security posture is a…

If you’re a large organization, hiring a Cyber security firm to audit your security posture is a no brainer. Everything is exploitable and thinking that you are 100% secure nowadays is naive. You can purchase the best of the best security stack but no matter what, there will always be a weak chain somewhere. This is why these services exist. So that they help identify the gaps and help re-mediate them before someone malicious exploits them.

These services really help keep you secure. You can never be 100% secure as there is always an amount of risk the business accepts, plus there are new threats everyday and keeping up with them all is impossible. Obviously this is great but for some but for small businesses it can be too expensive.

Below are a few sites you can use in order to see how exposed you are on the internet.

Important things to note:

• You must have permission to pen-test an organization, even if you work there yourself. You and the business must define a scope and sign a legal document to cover the work.
• Active and Passive reconnaissance is a grey area to some and the legal lines shifts. Although identifying vulnerabilities in a system could be considered legal, taking action on them is not.

Recon Search Engines

Using Nmap to scan internally is a great way to see open services and ports but when you are taking about your external IPs, someone has done the work for you.
Below are a set of sites, security professionals use to recon a company or person.

• https://www.shodan.io
• https://censys.io/
• https://www.zoomeye.org/

You can use these sites to see how exposed you are on the internet. You can do this be using different methods.

IP Addresses
You can search your external IP address range and see what ports are available. All three sites do a great job of also highlighting vulnerabilities on these ports. This can then be a helpful guide on how to plug some of the gaps and better secure your systems.

Domain name
This will help identify shadow IT. If sites are hosted externally, you might not know the IP address or even worse, you might not actually be aware that a user has spun this up. Searching your domain is a good way of identifying these hidden treasures.

Certificates
We all should be using SSL certificates nowadays as they help secure your site. Much like the domain name search, this could return more than you bargained for. The thing you want to be searching is the domain or known keywords because the will most likely be present within the certificate, either under Subject or Alternative name.

These sites focus on computer systems but it might not be a computer that is the weak chain. Humans can also be exploited. A hacker can use social engineering techniques in order to exploit people which can in turn give them access. 
But how do they find out about the person?

They will most likely use a tool called Maltego. This is a very powerful tool and has the capability to show all the relationships a person or system has across the internet and I don’t me ex girlfriends. Maltego can help link a single name to email addresses, domains, phone numbers, best friends, family and all their social media sites. It’s worth noting that you can also use these to recon your computer systems as well. It’s not just about people.

If you did want to try it against a few IPs but not install it, there are sites which use Maltego on the backend such as Threatcrowd: https://www.threatcrowd.org/

If you wanted to stick with people, there is another useful site you can use called Pipl.
This is a site you can use to see how much information is out there on the internet. It’s also a good way to see how much information is out there for yourself. All you need to do is enter some basic information such as name and location and search away. To an attacker, the more information they can gather, the more they can use this to their advantage.

These are just some of the few sites out there that you can use to run a basic check against yourself or your companies security posture. They are also a cool way of understanding how to better secure yourself on the internet.

Try them out and have a bit of fun with it. Remember though, keep it legal. For instance, these sites allow you to view several CCTV cameras on the internet that have default passwords. Looking at the search result isn’t illegal but attempting to login to the camera is.