See your exposure from your attacker’s perspective

We construct a view of your organization from publicly available information. The very same information being used by your most motivated adversary.

How it works

Sign up

Create an account, and optionally invite other users.

Provide targets

Provide us with a list of targets, these are used as starting-points for data gathering.

Watch the data pour in

Our infrastructure will begin collecting information relevant to your organization. Watch as your profile begins to grow.

Compare your profile

Attack Bound gives your profile a Threat Exposure Score. Benchmark against the industry or other public profiles.

Identify improvements

Dig into the various reports to find concrete recommendations to improve your Threat Exposure Score.

Follow your evolution

As your real threat exposure changes, your profile will evolve to reflect that. Follow along as you move to the top of your industry!

Tech

Are you depending on software or infrastructure which is unwittingly giving footholds to attackers?

Social

What can be discovered about your employees and their responsibilities?

Supply-chain

Is your vendor providing a bridge, straight over your defenses, to your most valuable assets?

Government Prototype

In November 2020, we completed a prototype using select government agencies as a case-study. The aim was to demonstrate the breadth of practically useful information available to attackers.

The prototype was a resounding success, and we are now working to bring Attack Bound to the market on a SaaS subscription basis.

The image shows the tool’s threat exposure map, a drill-down view of an organizations exposure, culminating in concrete details such as public S3 buckets or open Facebook profiles.

Why

In many recent, highly-publicized data breaches, the attackers didn’t succeed due to sophisticated 0days or covert operations. Instead they made use of detailed, publicly available information to pinpoint organizational weaknesses. Seemingly innocuous information on the people, processes, and infrastructure of an organization can turn out to be highly valuable. It helps the adversary to avoid anything well defended and focus on those overlooked corners.

By recognizing how lucrative this information can be to potential attackers and generating a detailed map of such information, we allow organizations to reduce the risk associated with this information by highlighting exactly where countermeasures need to be implemented.

Data sources

We gather information from a large (and growing!) set of sources. Here is a sample.

Dark-web data leaks

Watching leaked datasets on the dark-web for relevant information.

Service fingerprinting

Scanning for publicly exposed services, and determining protocols, software, and versions.

Document metadata

Collecting published documents and extracting useful metadata.

Social media profiles

Statistical analysis to determine social media profiles associated with your organization.

DNS enumeration

Mapping out sub-domains via brute-force search.

Email security

Finding possible avenues for spoofing intra-organizational email, or email from trusted third parties.

Register your interest

Leave us your email address, and we’ll notify you when Attack Bound is available.

If you have any queries, leave a message, and we’ll get back to you.

If you'd like to drop us a message, please enter it here.