- This topic has 1 reply, 2 voices, and was last updated 6 years, 11 months ago by .
- You must be logged in to reply to this topic.
ThreatAgent Drone™ bootstraps security assessments by providing Attack Surface reports for Humans
Drone takes a different approach when it comes to passive Open Source Intelligence (OSINT). It is built provide actionable intelligence on limited sources, not trying to collect “all the things”. My belief is that you can be just as effective on social engineering, penetration testing, and user awareness training with smaller sets of data.
An example of smaller data sets is Drone only looks through the top 100 search results for LinkedIn. Sure there could be thousands of results for any organization, but 100 will suffice for an successful attack. Drone also take a similar approach with hosts, it only tries to identify the low hanging fruit and attack scenarios that are likely to happen.
Drone shouldn’t be viewed as a final product when it comes to a security assessment or attack surface. The attack surface report can be used to bootstrap assessments and their reports. Drone can also be used to educate students, organizations, and especially management on attack surface, threat modeling, and OSINT.
Drone intentionally offers less in order to provide more value which is a key principle taught in Rework. I believe the organizations are inundated with too much information and struggle to make decisions to improve security. Too many tools focus on scenarios that are “highly” unlikely to ever happen. Sometimes less is better.
Instead of building tools that provide information to feed into other tools, I’m building tools for humans. You can follow the journey at http://www.threatagent.com.
A short blog post from trustedsec on ThreatAgent Drone:
Ran this through some tests, pretty decent even for the free account.
– EH-Net Live! Still finalizing the details, so Stay Tuned for our next webinar coming on Thurs March 19 @ 1:00 PM EST. Reg Open Next Month!
– EH-Net Live! August – Video & Deck Available Now! for “Shellcode for the Masses” w/ John Hammond from Jan 29.
– EH-Net Live! December – Video & Deck Available Now! for “Burp-less Hacking – Learning Web Application Pentesting on a Budget” w/ Phillip Wylie from Dec 19.
– EH-Net Live! November – Video & Deck Available Now! for “All Things CTF!” w/ Ray Doyle of EverSecCTF from Nov 21.
– EH-Net Live! October – Video & Deck Available Now! for “Hacking Humans” w/ Hadnagy, Paul & Baron from Oct 29.
See all EH-Net Live! Videos
More on the EH-Net YouTube Channel
Copyright ©2020 Caendra, Inc.