As a burgeoning player in the space technology sector, our client recognized the need to conduct a review of their cyber security landscape.
The initial step to bolstering their security posture was an OSINT (Open Source Intelligence) engagement, aimed at understanding the extent of their public-facing data and how this could be exploited by potential adversaries.
The assignment came with two specific objectives:
- University Collaboration: Owing to their inception through close collaboration with local universities, there were numerous research papers and documents containing what is now classified as sensitive information. The primary objective was to ascertain which of this data was still in the public domain.
- IP Address Review: The company provided two specific ranges of their IP addresses. Our goal was to amass technical intelligence based on this data.
Open source intelligence
Fraktal undertook an extensive open source intelligence collection effort, culminating in a detailed report that pinpointed areas of concern. Armed with this information, our client was able to take decisive steps – both to cleanse inadvertent disclosures online and to bolster their technical security measures.
The insights from our business context threat intelligence also played a pivotal role in enlightening employees about the external threat landscape and how adversaries could potentially analyze the company.
Technologies and methods
Technical threat intelligence
We deployed a variety of techniques to accumulate intelligence about the client's technical vulnerability surface.
Business context threat intelligence
We executed an analysis of publicly accessible business-related data and documents to pinpoint potential leaks and security weak points.
Social media threat intelligence
By diving into the social media, we uncovered vital organizational details including roles and relationships that an adversary could potentially exploit