Untracked Assets and their Risks – Discussion with Cybernews
Shubham Mittal, 14 February, 2022
Nowadays, securing and managing a company’s digital footprint has become an even more difficult
challenge. With so many subdomains, code repositories, and applications, some untracked assets are
bound to be overlooked. As the attack surface expands, visibility of the complete landscape is essential to
keep an organization’s assets safe.
"Scattered and unsecured assets can often prove to be attractive entry points for an attacker."
Sudhanshu Chauhan, Director & Co-Founder, RedHunt Labs
That’s why various cybersecurity tools and practices, including penetration testing, exist to protect
companies from cyber threats.
To discuss penetration testing and other cybersecurity topics, we invited Sudhanshu Chauhan of RedHunt
Labs – a company on a mission to discover and eliminate risks that can often go undetected.
What was the journey like since your launch back in 2019?
We started RedHunt Labs in 2019 with a mission to solve one problem, i.e. to help companies continuously
manage their Attack Surface and eliminate shadow IT risks. We were able to raise an angel round within a
month of incorporation. We also started a fully owned subsidiary for technical operations. In 2020 we
released our SaaS platform and have been able to acquire multiple customers for our Attack Surface
Management (ASM) product ‘NVADR’. The team has now grown to 35+ and we recently crossed the
milestone of USD$ 1 million in ARR.
There were multiple challenges during the journey so far, be it the COVID situation, or identifying the
Product Market Fit, however with support from our customers, advisors, and community, we have been
able to overcome them and look towards a bright future for the company.
Can you tell us a little bit about what you do? What makes RedHunt Labs
stand out?
We are an Attack Surface Management (ASM) company, where we help organizations maintain holistic
cybersecurity of their modern digital footprint, globally, by eliminating shadow IT risks and taking control of
their ever-evolving assets on the Internet. In layman’s terms, we provide organizations with a “hacker’s
view of their digital footprint”.
Due to dynamic infrastructures, most organizations today are not able to track their assets on the
internet, while they expose their hosts, domains, subdomains, applications, code repositories, and much
more. All these can become an entry point for a malicious actor. Through our agent-less SaaS platform,
our customers get continuous visibility of these assets and the security risks related to them.
What makes us stand out is our unique capabilities of Open Source Intelligence (OSINT) and offensive
security, which helps us deliver a wide variety of exposure for our customers. Using thousands of our data
collectors deployed across the internet, we have been able to identify critical assets and security issues
for our customers which could have led to a security breach.
What set of tools do you use to detect vulnerabilities?
Although there are multiple commercial and open-source tools out there, most of them are not scalable.
As we have dedicated teams for development and security research, we have developed our own
toolchains to deliver best-of-the-class results for our clients without affecting their performance or
availability. We have written our own port scanners, web scanners, internet-wide data collectors as well as
vulnerability scanning engines and chained them into a scalable system. While we rely on our security
scanners, we focus a lot on finding security exposures, which is quite often the root cause of vulnerabilities.
Also, to deliver a service like ours, we need to collect, filter and store large amounts of data. Early on in our
journey, we realized that the existing solutions wouldn’t cut it, so we deployed our own data collection bots
to gather data and asset correlations without impacting the services we collect from.
Did you notice any new methods used by threat actors arise as a result of
the pandemic?
Recently we have noticed that the threat actors are not just targeting servers and traditional IT
ecosystems such as Web applications but also non-traditional assets such as public docker containers,
leaked credentials in code repositories, exposed internal portals. Also, there has been a rise in services
that are required for people who work from home, such as VPN encryption, RDP, etc.
In recent years, penetration testing has become standard practice. Can you
briefly describe what this practice is like?
Indeed, penetration testing has become standard practice. The goal of a penetration test is to identify
exploitable issues in the provided scope, so that appropriate security controls can be implemented. A
penetration test can cover different types of scope, such as Web Applications, Mobile Applications,
Internal/External Network, Cloud Environments.
A standard penetration test starts with the client defining the scope of the assessment and then
automated and manual tests are performed by the testing team. A detailed report of the assessment is
provided to the client, which contains the details of the identified vulnerabilities, including description, proof
of concepts, steps to reproduce, remediation, and references.
Although penetration testing is a useful practice, it has two major gaps:
- Restricted scope: The scope is pre-defined and limited.
- Point in time activity: Most organizations perform penetration tests only annually or half-yearly. This
  leaves a gap in security between the assessments.
Having the component of discovery and being continuous makes Attack Surface Management (ASM) a
perfect complement to penetration testing in any security management program for a CISO.
You recently launched an initiative called Project Resonance. Share with us,
what are the key takeaways so far?
Project Resonance is an effort to “give back to the community” by creating awareness and improving the
security of the Publicly Exposed data/information.
We focus specifically on identifying different kinds of systems and components that are unknown to
security teams. Examples of such systems/components are unknown custom headers, data leak patterns,
modern technology stacks, custom protocols, third-party dependencies, etc.
Waves are sent out to billions of assets collected by our cluster of bots deployed across the internet, and
useful insights are extracted and shared with the community (through blog posts, tools release, and data
sets) to serve a larger purpose of making the Internet a more secure place.
For example, recently we scanned millions of publicly exposed Docker images which were found to be
leaking thousands of sensitive data (passwords, keys, etc.). In another Project Resonance wave, we shed
light on thousands of unauthenticated Databases exposed on the internet.
Besides regular penetration tests, what other security measures can
companies take to protect themselves against cyberattacks?
First and foremost is visibility. One can’t protect what they don’t know. Having multiple teams across
multiple geographies leads to multiple untracked assets that security teams are unaware of. Having an
updated inventory of the exposed assets helps in identifying and prioritizing actions.
Apart from this, here are a few measures every organization should take to better protect against
cyberattacks:
- Regular patching and updating software.
- Use MFA or Passwordless technologies.
- Employee security awareness training.
- Regular Data Backup.
- Regular security assessments.
- Avoid installing software from untrusted sources.
- Following the principle of least privilege.
What security tools would you recommend for personal use?
For personal use, I would recommend using Password managers, MFA tools, Endpoint security products for
both laptop/desktop and mobile devices.
And finally, what does the future hold for RedHunt Labs?
Looking at the recent trends in the ASM industry and the progress we have made so far, we are growing
rapidly and will become the global leader in ASM. We are currently working on some major partnerships to
deliver our product to various geographies. Also, there are multiple product integrations that we are
working on, which will help organizations to observe the results from the platform easily. We are also
looking to expand our R&D team to discover more attack surfaces for our customers and deliver
unmatched results compared to any other product in this space.
Link for the original interview: https://cybernews.com/security/sudhanshu-chauhan-redhunt-labs-most-organizations-today-are-not-able-to-track-their-assets-on-the-internet/
Request Free Trial
 At t ack Surface Management  Business  News & Announcement s  T ips
Previous:
Internet-Wide Study: State of SPF, DKIM,
and DMARC (Wave 6)
Next:
Making Sense of the Dirty Pipe Vulnerability
(CVE-2022-0847)
What are you loo Search
ALL CATEGORIES
Attack Surface Management
Business
CISOGuides
News & Announcements
Pentesting
Press-Release
Project Resonance
Security Best Practices
Security Risks
Technology
Tips
Tool-Release
LATEST POST
6 Reasons You Need to
Manage Your External
Attack Surface
Attack Surface
Management – Risks of
an Exposed Docker
Image
Analysing Misconfigured
Firebase Apps: A Tale of
Unearthing Data
Breaches (Wave 10)
Attack Surface
Management – Risks of
an Exposed Service /
Port
OpenSSL v3: Two High-
Priority Patches and A
Week of Horror
BLOG ARCHIVES
March 2023
November 2022
October 2022
September 2022
June 2022
May 2022
April 2022
March 2022
February 2022
January 2022
December 2021
November 2021
October 2021
September 2021
June 2021
May 2021
March 2021
February 2021
December 2020
November 2020
July 2020
June 2020
April 2020
May 2019
BLOG TAGS
android apps attack surface
attack surface
management
continuous security
cve-2022-22965 cyber
cybersecurity data-leak
Data breach dataleaks
Dependency Confusion Attack
dns misconfigurations docker
domain takeover easm entrepreneur
exploit exposed risks exposed service
featured firebase httploot
internet-security
internetsecurity kubernetes kubestalk
linux management open port
opensource openssl osint
patch-management pentesting pii
project-resonance Project Resonance
scanner secret security spf records
spring4shell surface
threat-research vulnerability
RESEARCH COMPANY DOWNLOADS
REGISTERED OFFICE
102 First Floor, 60, Grays Inn Road,
London, United Kingdom, WC1X 8AQ

 DROP AN EMAIL
info@redhuntlabs.com
 CALL US
+(91) 9971 658929
 BOOK MEETING
/calendly
Blog
Code Leak Search Engine
Project Resonance
Talks And Presentations
About Us
Media Kit
Events Calender
Community Support
Privacy Policy
Terms & Conditions
Compliance Policy
Sample Report
Request Free Trial Schedule Meeting
Copyright © 2023 . ALL RIGHTS RESERVED. Developed By :
Redhunt Labs Dreamsdesign.in
Home About Us Products Resources Career Blog Contact Us Email Us
We value your privacy
We use cookies to enhance your browsing experience,
serve personalized ads or content, and analyze our
traffic. By clicking "Accept All", you consent to our use
of cookies.
Customize Reject All Accept All

More Related Content

Similar to Asset Discovery in India – Redhunt Labs

Anatomy of a cyber attack
Anatomy of a cyber attackAnatomy of a cyber attack
Anatomy of a cyber attackMark Silver
 
Application Security: Safeguarding Data, Protecting Reputations
Application Security: Safeguarding Data, Protecting ReputationsApplication Security: Safeguarding Data, Protecting Reputations
Application Security: Safeguarding Data, Protecting ReputationsCognizant
 
Top 10 Software to Detect & Prevent Security Vulnerabilities from BlackHat US...
Top 10 Software to Detect & Prevent Security Vulnerabilities from BlackHat US...Top 10 Software to Detect & Prevent Security Vulnerabilities from BlackHat US...
Top 10 Software to Detect & Prevent Security Vulnerabilities from BlackHat US...Mobodexter
 
Elementary-Information-Security-Practices
Elementary-Information-Security-PracticesElementary-Information-Security-Practices
Elementary-Information-Security-PracticesOctogence
 
Cyberattacks on the Rise: Is Your Nonprofit Prepared?
Cyberattacks on the Rise: Is Your Nonprofit Prepared?Cyberattacks on the Rise: Is Your Nonprofit Prepared?
Cyberattacks on the Rise: Is Your Nonprofit Prepared?TechSoup
 
Secure Your DevOps Pipeline Best Practices Meetup 08022024.pptx
Secure Your DevOps Pipeline Best Practices Meetup 08022024.pptxSecure Your DevOps Pipeline Best Practices Meetup 08022024.pptx
Secure Your DevOps Pipeline Best Practices Meetup 08022024.pptxlior mazor
 
Web app penetration testing best methods tools used
Web app penetration testing best methods tools usedWeb app penetration testing best methods tools used
Web app penetration testing best methods tools usedZoe Gilbert
 
Packt publishing book proposal api and mobile access management
Packt publishing book proposal api and mobile access managementPackt publishing book proposal api and mobile access management
Packt publishing book proposal api and mobile access managementGluu
 
What Is Cyber Threat Intelligence | How It Work? | SOCVault
What Is Cyber Threat Intelligence | How It Work? | SOCVaultWhat Is Cyber Threat Intelligence | How It Work? | SOCVault
What Is Cyber Threat Intelligence | How It Work? | SOCVaultSOCVault
 
A Successful SAST Tool Implementation
A Successful SAST Tool ImplementationA Successful SAST Tool Implementation
A Successful SAST Tool ImplementationCheckmarx
 
2016 CYBERSECURITY PLAYBOOK
2016 CYBERSECURITY PLAYBOOK2016 CYBERSECURITY PLAYBOOK
2016 CYBERSECURITY PLAYBOOKBoris Loukanov
 
Building Security Into Your Cloud IT Practices
Building Security Into Your Cloud IT PracticesBuilding Security Into Your Cloud IT Practices
Building Security Into Your Cloud IT PracticesMighty Guides, Inc.
 
Project Quality-SIPOCSelect a process of your choice and creat.docx
Project Quality-SIPOCSelect a process of your choice and creat.docxProject Quality-SIPOCSelect a process of your choice and creat.docx
Project Quality-SIPOCSelect a process of your choice and creat.docxwkyra78
 
supply chain management.pptx
supply chain management.pptxsupply chain management.pptx
supply chain management.pptxMinnySkyy
 
INSECURE Magazine - 37
INSECURE Magazine - 37INSECURE Magazine - 37
INSECURE Magazine - 37Felipe Prado
 
BriefingsDirect Transcript--How security leverages virtualization to counter ...
BriefingsDirect Transcript--How security leverages virtualization to counter ...BriefingsDirect Transcript--How security leverages virtualization to counter ...
BriefingsDirect Transcript--How security leverages virtualization to counter ...Dana Gardner
 
Hot Cyber Security Technologies
Hot Cyber Security TechnologiesHot Cyber Security Technologies
Hot Cyber Security TechnologiesRuchikaSachdeva4
 
Cloud Application Security Best Practices To follow.pdf
Cloud Application Security Best Practices To follow.pdfCloud Application Security Best Practices To follow.pdf
Cloud Application Security Best Practices To follow.pdfTechugo
 
For Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdf
For Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdfFor Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdf
For Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdfJustinBrown267905
 

Similar to Asset Discovery in India – Redhunt Labs (20)

Anatomy of a cyber attack
Anatomy of a cyber attackAnatomy of a cyber attack
Anatomy of a cyber attack
 
Application Security: Safeguarding Data, Protecting Reputations
Application Security: Safeguarding Data, Protecting ReputationsApplication Security: Safeguarding Data, Protecting Reputations
Application Security: Safeguarding Data, Protecting Reputations
 
Top 10 Software to Detect & Prevent Security Vulnerabilities from BlackHat US...
Top 10 Software to Detect & Prevent Security Vulnerabilities from BlackHat US...Top 10 Software to Detect & Prevent Security Vulnerabilities from BlackHat US...
Top 10 Software to Detect & Prevent Security Vulnerabilities from BlackHat US...
 
Elementary-Information-Security-Practices
Elementary-Information-Security-PracticesElementary-Information-Security-Practices
Elementary-Information-Security-Practices
 
Cyberattacks on the Rise: Is Your Nonprofit Prepared?
Cyberattacks on the Rise: Is Your Nonprofit Prepared?Cyberattacks on the Rise: Is Your Nonprofit Prepared?
Cyberattacks on the Rise: Is Your Nonprofit Prepared?
 
Secure Your DevOps Pipeline Best Practices Meetup 08022024.pptx
Secure Your DevOps Pipeline Best Practices Meetup 08022024.pptxSecure Your DevOps Pipeline Best Practices Meetup 08022024.pptx
Secure Your DevOps Pipeline Best Practices Meetup 08022024.pptx
 
Web app penetration testing best methods tools used
Web app penetration testing best methods tools usedWeb app penetration testing best methods tools used
Web app penetration testing best methods tools used
 
Packt publishing book proposal api and mobile access management
Packt publishing book proposal api and mobile access managementPackt publishing book proposal api and mobile access management
Packt publishing book proposal api and mobile access management
 
Research Paper
Research PaperResearch Paper
Research Paper
 
What Is Cyber Threat Intelligence | How It Work? | SOCVault
What Is Cyber Threat Intelligence | How It Work? | SOCVaultWhat Is Cyber Threat Intelligence | How It Work? | SOCVault
What Is Cyber Threat Intelligence | How It Work? | SOCVault
 
A Successful SAST Tool Implementation
A Successful SAST Tool ImplementationA Successful SAST Tool Implementation
A Successful SAST Tool Implementation
 
2016 CYBERSECURITY PLAYBOOK
2016 CYBERSECURITY PLAYBOOK2016 CYBERSECURITY PLAYBOOK
2016 CYBERSECURITY PLAYBOOK
 
Building Security Into Your Cloud IT Practices
Building Security Into Your Cloud IT PracticesBuilding Security Into Your Cloud IT Practices
Building Security Into Your Cloud IT Practices
 
Project Quality-SIPOCSelect a process of your choice and creat.docx
Project Quality-SIPOCSelect a process of your choice and creat.docxProject Quality-SIPOCSelect a process of your choice and creat.docx
Project Quality-SIPOCSelect a process of your choice and creat.docx
 
supply chain management.pptx
supply chain management.pptxsupply chain management.pptx
supply chain management.pptx
 
INSECURE Magazine - 37
INSECURE Magazine - 37INSECURE Magazine - 37
INSECURE Magazine - 37
 
BriefingsDirect Transcript--How security leverages virtualization to counter ...
BriefingsDirect Transcript--How security leverages virtualization to counter ...BriefingsDirect Transcript--How security leverages virtualization to counter ...
BriefingsDirect Transcript--How security leverages virtualization to counter ...
 
Hot Cyber Security Technologies
Hot Cyber Security TechnologiesHot Cyber Security Technologies
Hot Cyber Security Technologies
 
Cloud Application Security Best Practices To follow.pdf
Cloud Application Security Best Practices To follow.pdfCloud Application Security Best Practices To follow.pdf
Cloud Application Security Best Practices To follow.pdf
 
For Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdf
For Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdfFor Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdf
For Public_ Cybersecurity_ Frameworks, Fundamentals, and Foundations 2023.pdf
 

Recently uploaded

/:Call Girls In Indirapuram Ghaziabad ➥9990211544 Independent Best Escorts In...
/:Call Girls In Indirapuram Ghaziabad ➥9990211544 Independent Best Escorts In.../:Call Girls In Indirapuram Ghaziabad ➥9990211544 Independent Best Escorts In...
/:Call Girls In Indirapuram Ghaziabad ➥9990211544 Independent Best Escorts In...lizamodels9
 
A.I. Bot Summit 3 Opening Keynote - Perry Belcher
A.I. Bot Summit 3 Opening Keynote - Perry BelcherA.I. Bot Summit 3 Opening Keynote - Perry Belcher
A.I. Bot Summit 3 Opening Keynote - Perry BelcherPerry Belcher
 
VIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service Jamshedpur
VIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service JamshedpurVIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service Jamshedpur
VIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service JamshedpurSuhani Kapoor
 
BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,noida100girls
 
Cash Payment 9602870969 Escort Service in Udaipur Call Girls
Cash Payment 9602870969 Escort Service in Udaipur Call GirlsCash Payment 9602870969 Escort Service in Udaipur Call Girls
Cash Payment 9602870969 Escort Service in Udaipur Call GirlsApsara Of India
 
Call Girls In Radisson Blu Hotel New Delhi Paschim Vihar ❤️8860477959 Escorts...
Call Girls In Radisson Blu Hotel New Delhi Paschim Vihar ❤️8860477959 Escorts...Call Girls In Radisson Blu Hotel New Delhi Paschim Vihar ❤️8860477959 Escorts...
Call Girls In Radisson Blu Hotel New Delhi Paschim Vihar ❤️8860477959 Escorts...lizamodels9
 
VIP Kolkata Call Girl Howrah 👉 8250192130 Available With Room
VIP Kolkata Call Girl Howrah 👉 8250192130  Available With RoomVIP Kolkata Call Girl Howrah 👉 8250192130  Available With Room
VIP Kolkata Call Girl Howrah 👉 8250192130 Available With Roomdivyansh0kumar0
 
Investment analysis and portfolio management
Investment analysis and portfolio managementInvestment analysis and portfolio management
Investment analysis and portfolio managementJunaidKhan750825
 
Intro to BCG's Carbon Emissions Benchmark_vF.pdf
Intro to BCG's Carbon Emissions Benchmark_vF.pdfIntro to BCG's Carbon Emissions Benchmark_vF.pdf
Intro to BCG's Carbon Emissions Benchmark_vF.pdfpollardmorgan
 
Progress Report - Oracle Database Analyst Summit
Progress  Report - Oracle Database Analyst SummitProgress  Report - Oracle Database Analyst Summit
Progress Report - Oracle Database Analyst SummitHolger Mueller
 
Lean: From Theory to Practice — One City’s (and Library’s) Lean Story… Abridged
Lean: From Theory to Practice — One City’s (and Library’s) Lean Story… AbridgedLean: From Theory to Practice — One City’s (and Library’s) Lean Story… Abridged
Lean: From Theory to Practice — One City’s (and Library’s) Lean Story… AbridgedKaiNexus
 
Lowrate Call Girls In Laxmi Nagar Delhi ❤️8860477959 Escorts 100% Genuine Ser...
Lowrate Call Girls In Laxmi Nagar Delhi ❤️8860477959 Escorts 100% Genuine Ser...Lowrate Call Girls In Laxmi Nagar Delhi ❤️8860477959 Escorts 100% Genuine Ser...
Lowrate Call Girls In Laxmi Nagar Delhi ❤️8860477959 Escorts 100% Genuine Ser...lizamodels9
 
Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...
Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...
Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...lizamodels9
 
The CMO Survey - Highlights and Insights Report - Spring 2024
The CMO Survey - Highlights and Insights Report - Spring 2024The CMO Survey - Highlights and Insights Report - Spring 2024
The CMO Survey - Highlights and Insights Report - Spring 2024christinemoorman
 
Catalogue ONG NƯỚC uPVC - HDPE DE NHAT.pdf
Catalogue ONG NƯỚC uPVC - HDPE DE NHAT.pdfCatalogue ONG NƯỚC uPVC - HDPE DE NHAT.pdf
Catalogue ONG NƯỚC uPVC - HDPE DE NHAT.pdfOrient Homes
 
FULL ENJOY - 9953040155 Call Girls in Chhatarpur | Delhi
FULL ENJOY - 9953040155 Call Girls in Chhatarpur | DelhiFULL ENJOY - 9953040155 Call Girls in Chhatarpur | Delhi
FULL ENJOY - 9953040155 Call Girls in Chhatarpur | DelhiMalviyaNagarCallGirl
 
BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,noida100girls
 
Vip Female Escorts Noida 9711199171 Greater Noida Escorts Service
Vip Female Escorts Noida 9711199171 Greater Noida Escorts ServiceVip Female Escorts Noida 9711199171 Greater Noida Escorts Service
Vip Female Escorts Noida 9711199171 Greater Noida Escorts Serviceankitnayak356677
 
Sales & Marketing Alignment: How to Synergize for Success
Sales & Marketing Alignment: How to Synergize for SuccessSales & Marketing Alignment: How to Synergize for Success
Sales & Marketing Alignment: How to Synergize for SuccessAggregage
 

Recently uploaded (20)

/:Call Girls In Indirapuram Ghaziabad ➥9990211544 Independent Best Escorts In...
/:Call Girls In Indirapuram Ghaziabad ➥9990211544 Independent Best Escorts In.../:Call Girls In Indirapuram Ghaziabad ➥9990211544 Independent Best Escorts In...
/:Call Girls In Indirapuram Ghaziabad ➥9990211544 Independent Best Escorts In...
 
A.I. Bot Summit 3 Opening Keynote - Perry Belcher
A.I. Bot Summit 3 Opening Keynote - Perry BelcherA.I. Bot Summit 3 Opening Keynote - Perry Belcher
A.I. Bot Summit 3 Opening Keynote - Perry Belcher
 
VIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service Jamshedpur
VIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service JamshedpurVIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service Jamshedpur
VIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service Jamshedpur
 
BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Greater Noida ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
 
Cash Payment 9602870969 Escort Service in Udaipur Call Girls
Cash Payment 9602870969 Escort Service in Udaipur Call GirlsCash Payment 9602870969 Escort Service in Udaipur Call Girls
Cash Payment 9602870969 Escort Service in Udaipur Call Girls
 
Call Girls In Radisson Blu Hotel New Delhi Paschim Vihar ❤️8860477959 Escorts...
Call Girls In Radisson Blu Hotel New Delhi Paschim Vihar ❤️8860477959 Escorts...Call Girls In Radisson Blu Hotel New Delhi Paschim Vihar ❤️8860477959 Escorts...
Call Girls In Radisson Blu Hotel New Delhi Paschim Vihar ❤️8860477959 Escorts...
 
VIP Kolkata Call Girl Howrah 👉 8250192130 Available With Room
VIP Kolkata Call Girl Howrah 👉 8250192130  Available With RoomVIP Kolkata Call Girl Howrah 👉 8250192130  Available With Room
VIP Kolkata Call Girl Howrah 👉 8250192130 Available With Room
 
Investment analysis and portfolio management
Investment analysis and portfolio managementInvestment analysis and portfolio management
Investment analysis and portfolio management
 
Intro to BCG's Carbon Emissions Benchmark_vF.pdf
Intro to BCG's Carbon Emissions Benchmark_vF.pdfIntro to BCG's Carbon Emissions Benchmark_vF.pdf
Intro to BCG's Carbon Emissions Benchmark_vF.pdf
 
Progress Report - Oracle Database Analyst Summit
Progress  Report - Oracle Database Analyst SummitProgress  Report - Oracle Database Analyst Summit
Progress Report - Oracle Database Analyst Summit
 
Lean: From Theory to Practice — One City’s (and Library’s) Lean Story… Abridged
Lean: From Theory to Practice — One City’s (and Library’s) Lean Story… AbridgedLean: From Theory to Practice — One City’s (and Library’s) Lean Story… Abridged
Lean: From Theory to Practice — One City’s (and Library’s) Lean Story… Abridged
 
Lowrate Call Girls In Laxmi Nagar Delhi ❤️8860477959 Escorts 100% Genuine Ser...
Lowrate Call Girls In Laxmi Nagar Delhi ❤️8860477959 Escorts 100% Genuine Ser...Lowrate Call Girls In Laxmi Nagar Delhi ❤️8860477959 Escorts 100% Genuine Ser...
Lowrate Call Girls In Laxmi Nagar Delhi ❤️8860477959 Escorts 100% Genuine Ser...
 
Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...
Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...
Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...
 
The CMO Survey - Highlights and Insights Report - Spring 2024
The CMO Survey - Highlights and Insights Report - Spring 2024The CMO Survey - Highlights and Insights Report - Spring 2024
The CMO Survey - Highlights and Insights Report - Spring 2024
 
Catalogue ONG NƯỚC uPVC - HDPE DE NHAT.pdf
Catalogue ONG NƯỚC uPVC - HDPE DE NHAT.pdfCatalogue ONG NƯỚC uPVC - HDPE DE NHAT.pdf
Catalogue ONG NƯỚC uPVC - HDPE DE NHAT.pdf
 
Best Practices for Implementing an External Recruiting Partnership
Best Practices for Implementing an External Recruiting PartnershipBest Practices for Implementing an External Recruiting Partnership
Best Practices for Implementing an External Recruiting Partnership
 
FULL ENJOY - 9953040155 Call Girls in Chhatarpur | Delhi
FULL ENJOY - 9953040155 Call Girls in Chhatarpur | DelhiFULL ENJOY - 9953040155 Call Girls in Chhatarpur | Delhi
FULL ENJOY - 9953040155 Call Girls in Chhatarpur | Delhi
 
BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
 
Vip Female Escorts Noida 9711199171 Greater Noida Escorts Service
Vip Female Escorts Noida 9711199171 Greater Noida Escorts ServiceVip Female Escorts Noida 9711199171 Greater Noida Escorts Service
Vip Female Escorts Noida 9711199171 Greater Noida Escorts Service
 
Sales & Marketing Alignment: How to Synergize for Success
Sales & Marketing Alignment: How to Synergize for SuccessSales & Marketing Alignment: How to Synergize for Success
Sales & Marketing Alignment: How to Synergize for Success
 

Asset Discovery in India – Redhunt Labs

Untracked Assets and their Risks – Discussion with Cybernews

Shubham Mittal, 14 February, 2022

Nowadays, securing and managing a company’s digital footprint has become an even more difficult challenge. With so many subdomains, code repositories, and applications, some untracked assets are bound to be overlooked. As the attack surface expands, visibility of the complete landscape is essential to keep an organization’s assets safe.

“Scattered and unsecured assets can often prove to be attractive entry points for an attacker.”
Sudhanshu Chauhan, Director & Co-Founder, RedHunt Labs

That’s why various cybersecurity tools, including penetration testing, exist to protect companies from cyber threats.

To discuss penetration and other cybersecurity, we invited Sudhanshu Chauhan of RedHunt Labs – a company on a mission to discover and eliminate risks that can often go undetected.

What was the journey like since your launch back in 2019?

We started RedHunt Labs in 2019 with a mission to solve one problem, i.e. to help companies continuously manage their Attack Surface and eliminate shadow IT risks. We were able to raise an angel round within a month of incorporation. We also started a fully owned subsidiary for technical operations. In 2020 we released our SaaS platform and have been able to acquire multiple customers for our Attack Surface Management (ASM) product ‘NVADR’. The team has now grown to 35+ and we recently crossed the milestone of USD$ 1 million in ARR.

There were multiple challenges during the journey so far, be it the COVID situation, or identifying the Product Market Fit; however, with support from our customers, advisors, and community, we have been able to overcome them and look towards a bright future for the company.

Can you tell us a little bit about what you do? What makes RedHunt Labs stand out?

We are an Attack Surface Management (ASM) company, where we help organizations maintain holistic cybersecurity of their modern digital footprint, globally, by eliminating shadow IT risks and taking control of their ever-evolving assets on the Internet. In layman’s terms, we provide organizations with a “hacker’s view of their digital footprint”.

Due to dynamic infrastructures, most organizations today are not able to track their assets on the internet, while they expose their hosts, domains, subdomains, applications, code repositories, and much more. All these can become an entry point for a malicious actor. Through our agent-less SaaS platform, our customers get continuous visibility of these assets and the security risks related to them.

What makes us stand out is our unique capabilities of Open Source Intelligence (OSINT) and offensive security, which helps us deliver a wide variety of exposure for our customers. Using thousands of our data collectors deployed across the internet, we have been able to identify critical assets and security issues for our customers which could have led to a security breach.

What set of tools do you use to detect vulnerabilities?

Although there are multiple commercial and open-source tools out there, most of them are not scalable. As we have dedicated teams for development and security research, we have developed our own toolchains to deliver best-of-the-class results for our clients without affecting their performance or availability.

We have written our own port scanners, web scanners, internet-wide data collectors as well as vulnerability scanning engines and chained them into a scalable system. While we rely on our security scanners, we focus a lot on finding security exposures, which is quite often the root cause of vulnerabilities.

Also, to deliver a service like ours, we need to collect, filter and store large amounts of data. Early on in our journey, we realized that the existing solutions wouldn’t cut it, so we deployed our own data collection bots to gather data and asset correlations without impacting the services we collect from.

Did you notice any new methods used by threat actors arise as a result of the pandemic?

Recently we have noticed that the threat actors are not just targeting servers and traditional IT ecosystems such as Web applications but also non-traditional assets such as public docker containers, leaked credentials in code repositories, exposed internal portals. Also, there has been a rise in services that are required for people who work from home, such as VPN encryption, RDP, etc.

In recent years, penetration testing has become standard practice. Can you briefly describe what this practice is like?

Indeed, penetration testing has become standard practice. The goal of a penetration test is to identify exploitable issues in the provided scope, so that appropriate security controls can be implemented. A penetration test can cover different types of scope, such as Web Applications, Mobile Applications, Internal/External Network, Cloud Environments.

A standard penetration test starts with the client defining the scope of the assessment and then automated and manual tests are performed by the testing team. A detailed report of the assessment is provided to the client, which contains the details of the identified vulnerabilities, including description, proof of concepts, steps to reproduce, remediation, and references.

Although penetration testing is a useful practice, it has two major gaps:

- Restricted scope: The scope is pre-defined and limited.
- Point in time activity: Most organizations perform penetration tests only annually or half-yearly. This leaves a gap in security between the assessments.

Having the component of discovery and being continuous makes Attack Surface Management (ASM) a perfect complement to penetration testing in any security management program for a CISO.

You recently launched an initiative called Project Resonance. Share with us, what are the key takeaways so far?

Project Resonance is an effort to “give back to the community” by creating awareness and improving the security of the Publicly Exposed data/information. We focus specifically on identifying different kinds of systems and components that are unknown to security teams. Examples of such systems/components are unknown custom headers, data leak patterns, modern technology stacks, custom protocols, third-party dependencies, etc.

Waves are sent out to billions of assets collected by our cluster of bots deployed across the internet, and useful insights are extracted and shared with the community (through blog posts, tools release, and data sets) to serve a larger purpose of making the Internet a more secure place.

For example, recently we scanned millions of publicly exposed Docker images which were found to be leaking thousands of sensitive data (passwords, keys, etc.). In another Project Resonance wave, we shed light on thousands of unauthenticated Databases exposed on the internet.

Besides regular penetration tests, what other security measures can companies take to protect themselves against cyberattacks?

First and foremost is visibility. One can’t protect what they don’t know. Having multiple teams across multiple geographies leads to multiple untracked assets that security teams are unaware of. Having an updated inventory of the exposed assets helps in identifying and prioritizing actions.

Apart from this, here are a few measures every organization should take to better protect against cyberattacks:

- Regular patching and updating software.
- Use MFA or Passwordless technologies.
- Employee security awareness training.
- Regular Data Backup.
- Regular security assessments.
- Avoid installing software from untrusted sources.
- Following the principle of least privilege.

What security tools would you recommend for personal use?

For personal use, I would recommend using Password managers, MFA tools, Endpoint security products for both laptop/desktop and mobile devices.

And finally, what does the future hold for RedHunt Labs?

Looking at the recent trends in the ASM industry and the progress we have made so far, we are growing rapidly and will become the global leader in ASM. We are currently working on some major partnerships to deliver our product to various geographies. Also, there are multiple product integrations that we are working on, which will help organizations to observe the results from the platform easily. We are also looking to expand our R&D team to discover more attack surfaces for our customers and deliver unmatched results compared to any other product in this space.

Link for the original interview – https://cybernews.com/security/sudhanshu-chauhan-redhunt-labs-most-organizations-today-are-not-able-to-track-their-assets-on-the-internet/