Elevator Pitch
What does your company security look like to an attacker, or potential new customer? Open Source Intelligence can be used as an indicator of security posture - if you haven’t looked, or want an updated view - we can do that in the workshop!
Description
If you have ever wondered why an attacker might target your organisation, or what legacy systems are open to the internet, then this session is for you. Many organisations now carry out routine Open Source Intelligence and passive perimeter scans on their suppliers (current and potential), customers and their own public facing infrastructure. It’s the same technique that a more advanced adversary or APT (advance persistent threat) actor might carry out if they have in interest or intent to attack your organisation.
Why?
It helps them identify potential weak spots, or routes into your network, which they can the further probe to uncover any weaknesses they can exploit. This approach has no doubt been used in two recent major attacks following release of vulnerabilities leading to the Citrix Bleed and Slash and Grab bugs which have been actively exploited in the wild.
In this workshop, we’ll carry out a basic OSINT scan of your public-facing domain, and offer advice on what actions you might want to take mitigate any identified risks.
Notes
Technical Requirements: Internet connection, and potentially a screen to show the room any results we have found.
This session will be led by an NCSC Certified Cyber Advisor, with over ten years of experience, supported by the wider business team.