Aardwolf was developed to address a gap in the market: organizations with limited resources need greater visibility of their internet-facing assets and, more broadly, their organization’s external risk exposure.
Traditional network vulnerability scanning fails to uncover application-layer vulnerabilities. Bug bounty programs are a costly alternative that provides a false sense of security as programs become stale and researchers move on.
Aardwolf maximizes the efficiency and effectiveness of an organization’s risk management program. Our platform inventories external assets and tracks the constantly changing interrelationships of the organization’s digital footprint. From there, Aardwolf validates defensive controls and uncovers internet-facing, high-risk vulnerabilities that traditional approaches miss. We boil the ocean, and our security consultants distill the noise into validated, contextualized findings.
Unauthenticated application vulnerability identification
Aardwolf identifies SQL injection, cross-site scripting, remote code execution, local file inclusion, and other high- and critical-risk application-layer vulnerabilities. These vulnerabilities typically are not identified by network vulnerability scanners.
Dangerous-port and risky service scanning and tracking
Aardwolf discovers RDP (remote desktop), MySQL, FTP and other risky services that are exposed to the internet. Attackers frequently target these services in brute force and credential stuffing attacks to gain unauthorized access to target systems.
Subdomain enumeration and discovery
While traditional network vulnerability scanning may only detect a handful of IP addresses, subdomain enumeration may discover hundreds of applications hosted on a single IP. Aardwolf identifies new and existing systems exposed to the internet.
Application directory enumeration
Aardwolf scours web applications to find publicly accessible backup files, credentials stored in configuration files, confidential documents and more. Threat actors routinely search thousands of applications for the presence of a single file that can be weaponized.
Identification of dangling DNS pointers
Managing subdomain DNS records for root domains can become cumbersome because of the quantity of domains registered and the complexity of those configurations. If DNS records are not culled when an application is deprecated, it becomes possible for threat actors to hijack those subdomains. This service identifies such stale records.
Internet archive data
Applications sometimes pass sensitive data to and from a web browser as URL parameters. Even when encrypted in transit, this sensitive data is visible to web crawlers. Aardwolf identifies risky files, application credentials, API keys, database backups, and more that are archived and retrievable in the Internet Archive.
Cloud service providers host customer data in storage blobs or buckets. These storage containers are often unsecured and open to those who know how to find them. Our service identifies if our clients’ sensitive information is stored in these containers.
Application backdoor identification
Aardwolf crawls applications and searches for the existence of known or commodity backdoor executables used by threat actors. Oftentimes, when applications are compromised, threat actors will implant these backdoor executables to maintain persistent access, then patch the application to keep others out.
Abricto remediation support
Abricto consultants validate remediation efforts by retesting vulnerabilities that have been marked as “retest requested”. This gives clients the flexibility to test individual findings for expeditious validation that vulnerabilities are no longer exploitable.
Aardwolf gathers tremendous amounts of data on externally facing assets. The Aardwolf dashboard will provide executive metrics and visualizations of key data points. The dashboard supports drill-down capabilities for analysts to conduct their own research as needed.
Credential stuffing and password spraying
Aardwolf leverages publicly disclosed credentials from breaches available on the internet; credentials will be attempted against any and all management interfaces identified on clients’ internet-facing systems. In cases where passwords are not known, password spraying will be leveraged to identify vulnerable accounts.
Certificate health and compliance monitoring
Aardwolf monitors, identifies, and escalates expired or soon-to-expire encryption certificates. By detecting and alerting on expiring certificates, organizations can renew these certificates to prevent service outages. Aardwolf identifies broken or misconfigured certificates that cause denial of service or loss of confidentiality and/or integrity. We also monitor certificate compliance to standards such as FIPS, PCI, and others.
Unindexed API identification and interrogation
Threat actors target APIs because business logic vulnerabilities are hard to detect with conventional scanning tools but are often severe in risk criticality. Aardwolf identifies and interrogates API endpoints for injection vulnerabilities, information disclosure and more.
Public source code identification
Code repositories often contain sensitive information used by threat actors to gain authenticated access to an organization’s systems. Such sensitive information is usually published by accident or because of subcontracting development efforts. Aardwolf identifies unrestricted GitHub repositories disclosing credentials and API keys.