{"id":3663,"date":"2024-09-17T13:37:35","date_gmt":"2024-09-17T11:37:35","guid":{"rendered":"https:\/\/www.dsecbypass.com\/?p=3663"},"modified":"2024-09-17T11:33:46","modified_gmt":"2024-09-17T09:33:46","slug":"exaface-external-attack-surface-mapping","status":"publish","type":"post","link":"https:\/\/www.dsecbypass.com\/en\/exaface-external-attack-surface-mapping\/","title":{"rendered":"Internet exposure audit: Attack Surface Mapping &#8211; Exaface"},"content":{"rendered":"<p>[et_pb_section fb_built=&#8221;1&#8243; _builder_version=&#8221;4.17.3&#8243; _module_preset=&#8221;default&#8221; custom_padding=&#8221;0px||||false|false&#8221; global_colors_info=&#8221;{}&#8221; theme_builder_area=&#8221;post_content&#8221;][et_pb_row _builder_version=&#8221;4.17.3&#8243; _module_preset=&#8221;default&#8221; global_colors_info=&#8221;{}&#8221; theme_builder_area=&#8221;post_content&#8221;][et_pb_column type=&#8221;4_4&#8243; _builder_version=&#8221;4.17.3&#8243; _module_preset=&#8221;default&#8221; global_colors_info=&#8221;{}&#8221; theme_builder_area=&#8221;post_content&#8221;][et_pb_text _builder_version=&#8221;4.27.0&#8243; _module_preset=&#8221;default&#8221; hover_enabled=&#8221;0&#8243; global_colors_info=&#8221;{}&#8221; theme_builder_area=&#8221;post_content&#8221; sticky_enabled=&#8221;0&#8243;]<\/p>\n<p style=\"text-align: justify;\">Mapping in the EASM cycle is <strong>the starting point for analyzing an external attack surface<\/strong>. The data collected during this phase <strong>represents the vision of a malicious actor who is interested in an organization<\/strong>: websites and their technologies, remote access referenced or not, administration interfaces, possible connected objects left open to the Internet, an application that you thought was decommissioned, and potentially other systems that you do not suspect. <\/p>\n<p>[\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=&#8221;4.17.3&#8243; _module_preset=&#8221;default&#8221; global_colors_info=&#8221;{}&#8221; theme_builder_area=&#8221;post_content&#8221;][et_pb_column type=&#8221;4_4&#8243; _builder_version=&#8221;4.17.3&#8243; _module_preset=&#8221;default&#8221; global_colors_info=&#8221;{}&#8221; theme_builder_area=&#8221;post_content&#8221;][et_pb_text _builder_version=&#8221;4.27.0&#8243; _module_preset=&#8221;default&#8221; hover_enabled=&#8221;0&#8243; global_colors_info=&#8221;{}&#8221; theme_builder_area=&#8221;post_content&#8221; sticky_enabled=&#8221;0&#8243;]<\/p>\n<p><strong>Mapping is a minimally intrusive discovery process<\/strong> based on the recovery of the following data:<br \/>\u2713 DNS (zone, security best practices, whois)<br \/>\u2713 Messaging (DNS configuration, services, security best practices)<br \/>\u2713 Certificates (self-signed, expired)<br \/>\u2713 SSL\/TLS (weak configurations, vulnerable protocols)<br \/>\u2713 Network Services \/ Websites (protocols, technologies, banners, operating systems, vulnerabilities)<br \/>\u2713 IP addresses (host, ASN, geolocation, whois)<\/p>\n<p>[\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=&#8221;4.17.3&#8243; _module_preset=&#8221;default&#8221; global_colors_info=&#8221;{}&#8221; theme_builder_area=&#8221;post_content&#8221;][et_pb_column type=&#8221;4_4&#8243; _builder_version=&#8221;4.17.3&#8243; _module_preset=&#8221;default&#8221; global_colors_info=&#8221;{}&#8221; theme_builder_area=&#8221;post_content&#8221;][et_pb_text _builder_version=&#8221;4.27.0&#8243; _module_preset=&#8221;default&#8221; hover_enabled=&#8221;0&#8243; global_colors_info=&#8221;{}&#8221; theme_builder_area=&#8221;post_content&#8221; sticky_enabled=&#8221;0&#8243;]<\/p>\n<p>The methodology developed by Exaface allows you to enrich your mapping:<br \/>\u27a4 Correlation of discovered information to suggest new resources to monitor (domain, subdomain, URL, other)<br \/>\u27a4 Risk assessment with dedicated rating by data type<br \/>\u27a4 Daily perimeter refreshing<\/p>\n<p><strong>\u2728 At Exaface, this mapping is also based on the history of data collected<\/strong> on a daily basis for several years, which represents:<br \/>&#8211; 480 million domains<br \/>&#8211; 2 billion subdomains<br \/>&#8211; 850 million IP addresses<br \/>&#8211; 2.5 billion subdomains with their associated IP addresses<br \/>&#8211; 110 million new DNS entries are collected every day<\/p>\n<p>This first phase allows you to have at this stage the most exhaustive view possible of the security level of your external attack surface, all hosted on our European servers.<\/p>\n<p>[\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=&#8221;4.17.3&#8243; _module_preset=&#8221;default&#8221; global_colors_info=&#8221;{}&#8221; theme_builder_area=&#8221;post_content&#8221;][et_pb_column type=&#8221;4_4&#8243; _builder_version=&#8221;4.17.3&#8243; _module_preset=&#8221;default&#8221; global_colors_info=&#8221;{}&#8221; theme_builder_area=&#8221;post_content&#8221;][et_pb_button button_url=&#8221;https:\/\/www.dsecbypass.com\/en\/contact\/&#8221; button_text=&#8221;CONTACT US&#8221; button_alignment=&#8221;center&#8221; _builder_version=&#8221;4.17.4&#8243; _module_preset=&#8221;default&#8221; custom_button=&#8221;on&#8221; button_text_size=&#8221;13px&#8221; button_bg_color=&#8221;#4328b7&#8243; button_border_width=&#8221;10px&#8221; button_border_color=&#8221;#4328b7&#8243; button_border_radius=&#8221;0px&#8221; button_letter_spacing=&#8221;2px&#8221; button_font=&#8221;Titillium Web|700||on|||||&#8221; background_layout=&#8221;dark&#8221; global_colors_info=&#8221;{}&#8221; theme_builder_area=&#8221;post_content&#8221;][\/et_pb_button][\/et_pb_column][\/et_pb_row][\/et_pb_section]<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Mapping in the EASM cycle is the starting point for analyzing an external attack surface. The data collected during this phase represents the vision of a malicious actor who is interested in an organization: websites and their technologies, remote access referenced or not, administration interfaces, possible connected objects left open to the Internet, an application that you thought was decommissioned, and potentially other systems that you do not suspect. <\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"on","_et_pb_old_content":"","_et_gb_content_width":"","footnotes":""},"categories":[34],"tags":[],"class_list":["post-3663","post","type-post","status-publish","format-standard","hentry","category-blog-en"],"_links":{"self":[{"href":"https:\/\/www.dsecbypass.com\/en\/wp-json\/wp\/v2\/posts\/3663","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.dsecbypass.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.dsecbypass.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.dsecbypass.com\/en\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.dsecbypass.com\/en\/wp-json\/wp\/v2\/comments?post=3663"}],"version-history":[{"count":7,"href":"https:\/\/www.dsecbypass.com\/en\/wp-json\/wp\/v2\/posts\/3663\/revisions"}],"predecessor-version":[{"id":3711,"href":"https:\/\/www.dsecbypass.com\/en\/wp-json\/wp\/v2\/posts\/3663\/revisions\/3711"}],"wp:attachment":[{"href":"https:\/\/www.dsecbypass.com\/en\/wp-json\/wp\/v2\/media?parent=3663"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.dsecbypass.com\/en\/wp-json\/wp\/v2\/categories?post=3663"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.dsecbypass.com\/en\/wp-json\/wp\/v2\/tags?post=3663"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}