INFORMATION GATHERING · OSINT
Every operation begins with reconnaissance. Often a structured look at your external attack surface is enough to identify the most dangerous open flanks — without ever firing an exploit. Book information gathering as a standalone service or as a precursor to a red team operation.
01 · SCOPE
Domains, subdomains, exposed services, forgotten staging environments, cloud assets outside your CMDB. Continuous verification rather than one-off scans.
Searching public and commercial leak databases for credentials, API keys, and internal documents belonging to your organisation and your suppliers.
Which employees stand out as attractive spear-phishing targets because of their LinkedIn profiles, conference talks or code repositories? Which technologies do they unintentionally disclose?
Your attack surface does not end at your perimeter. We examine third-party integrations, SaaS trust relationships, and exposed CI/CD pipelines that reach into your environment.
02 · METHOD
We start fully passive from open sources — no packet you did not expect ever touches your perimeter. Only in a second phase, and only with explicit approval, do we perform active verification: service fingerprinting, authenticated paths, reachability checks. Every finding is prioritised by criticality, exploitability, and business impact — not CVSS alone.
03 · DELIVERABLE
You receive a prioritised attack-surface report with a concrete top list: what to take down immediately, what to harden, what to monitor. Every observation is documented with source, timestamp, and reproduction path. On request we deliver the result as a JSON feed into your asset or ticketing system.
KNOW WHAT ATTACKERS SEE
A one-off deep dive or continuous monitoring — we align the engagement to your maturity and tempo.