#Conquest Security
Open Source Intelligence Services
Why Open-Source Intelligence Services?
The organization or individual members of staff may have been knowingly or unknowingly breached in the past and credentials and confidential information are floating around the web. Example of information we regularly find through OSINT includes:
- Leaked credentials such as usernames, passwords and hashes
- API keys, SSH keys and other secrets in publicly available code repositories
- Production code snippets and secrets in personal code repositories
- Open AWS S3 storage buckets for anyone to access
Service Description
Open-Source Intelligence is a service which gathers publicly available information which is of concern to an organization. We are using both automated and manual techniques to search clear web, deep web and dark web for business relevant information which should not be public.
Tests performed
Our testing methodologies are aligned with the NIST and SANS testing frameworks and includes the following: Secrets in public repositories such as GitHub, identification of open or weakly secure storage such as AWS S3 buckets, analysis of unprotected JavaScript files on customer applications, identification of secrets such as API keys in publicly viewable application source code and looking for misconfigure DNS subdomains which could lead to a takeover.
Why us?
- Consultants with 10+ years of ethical hacking experience
- Consultants certified to highest levels such as OSCP, OSCE, OSWE, GIAC
- Experience across all industry and government sectors
- We are an independent third party concerned with finding & fixing flaws
- No conflict of interest. We are not embedded with HW/SW vendors
- Dedicated Red Team approach with specialists in all technologies