See your exposure from your attacker’s perspective
We construct a view of your organization from publicly available information. The very same information being used by your most motivated adversary.
How it works
Create an account, and optionally invite other users.
Provide us with a list of targets, these are used as starting-points for data gathering.
Watch the data pour in
Our infrastructure will begin collecting information relevant to your organization. Watch as your profile begins to grow.
Compare your profile
Attack Bound gives your profile a Threat Exposure Score. Benchmark against the industry or other public profiles.
Dig into the various reports to find concrete recommendations to improve your Threat Exposure Score.
Follow your evolution
As your real threat exposure changes, your profile will evolve to reflect that. Follow along as you move to the top of your industry!
Are you depending on software or infrastructure which is unwittingly giving footholds to attackers?
What can be discovered about your employees and their responsibilities?
Is your vendor providing a bridge, straight over your defenses, to your most valuable assets?
In November 2020, we completed a prototype using select government agencies as a case-study. The aim was to demonstrate the breadth of practically useful information available to attackers.
The prototype was a resounding success, and we are now working to bring Attack Bound to the market on a SaaS subscription basis.
The image shows the tool’s threat exposure map, a drill-down view of an organizations exposure, culminating in concrete details such as public S3 buckets or open Facebook profiles.
In many recent, highly-publicized data breaches, the attackers didn’t succeed due to sophisticated 0days or covert operations. Instead they made use of detailed, publicly available information to pinpoint organizational weaknesses. Seemingly innocuous information on the people, processes, and infrastructure of an organization can turn out to be highly valuable. It helps the adversary to avoid anything well defended and focus on those overlooked corners.
By recognizing how lucrative this information can be to potential attackers and generating a detailed map of such information, we allow organizations to reduce the risk associated with this information by highlighting exactly where countermeasures need to be implemented.
We gather information from a large (and growing!) set of sources. Here is a sample.
Dark-web data leaks
Watching leaked datasets on the dark-web for relevant information.
Scanning for publicly exposed services, and determining protocols, software, and versions.
Collecting published documents and extracting useful metadata.
Social media profiles
Statistical analysis to determine social media profiles associated with your organization.
Mapping out sub-domains via brute-force search.
Finding possible avenues for spoofing intra-organizational email, or email from trusted third parties.
Register your interest
Leave us your email address, and we’ll notify you when Attack Bound is available.
If you have any queries, leave a message, and we’ll get back to you.