Product news

pwnReport tool for MSSP and Enterprise customers

One of the features which we’ve been working on recently is a pwnREPORT Breach Report Tool. I’m pleased to say this is now available for our MSSP and Enterprise customers.

What does it do?

  • Generates an aggregated breach report for records found across our BreachDB, OSINT collections and Dark Web.
  • Searches for a provided company email domain.
  • Returns a CSV document on completion for you to download.

Watch the short video below to see it in action.

pwnREPORT Breach Report Tool

This kind of tool is precisely what we try and focus on. Simple execution of a query and a quick, useful output for you to use and potentially share.

If you have any questions, please don’t hesitate to get in touch and book a call / demo here.

Photo by Kevin Ku on Unsplash.

Product news, The Dark Web

SOS Intelligence Dark Web Map

We thought it would be interesting to show you something we generate every now and again…

That is our representation of the SOS Intelligence Dark Web Index. The physical placement of the nodes represents the interconnectivity between onion services on the Dark Web (Tor).

It is an energy model of the network structure of the Dark Web.

The diagram is a visual representation of an energy model of the network structure for interconnecting onion services.

Essentially, if a node has a lot of links, it has a heavier weight applied to it.

If a node has fewer links, it has a lighter weight applied to it. The more links a node has, the more centrally we place it on the map. Onion services with fewer inbound or outbound links therefore get ‘pushed’ outward to the edges of the map, while onions with more links weigh more and so are positioned more centrally.

The colour is a computed modularity class – the social network of the nodes. We have calculated the community networks of the nodes, i.e. how likely it is that a node is linked to other nodes within the network.

What we get is a spatial representation and social network of around 43000 nodes in the past 24 hours.

The colour itself is random, but the membership of the colour is representative of their social network. What we don’t mean is their Facebook membership, but rather their community connections within the Dark Web.
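To make the two quantities behind the map concrete, here is an added example (not SOS Intelligence's code) that computes a per-node link count and modularity classes for a small link graph. It assumes links are treated as undirected and uses a simple greedy merge to maximise modularity; the node names are constructed placeholders, not real onion services, and the layout step itself is not simulated.

```python
from fractions import Fraction
from itertools import combinations

# Constructed link graph: two tightly linked groups, one cross link, one leaf.
EDGES = [
    ("a1", "a2"), ("a1", "a3"), ("a2", "a3"),   # group A
    ("b1", "b2"), ("b1", "b3"), ("b2", "b3"),   # group B
    ("a3", "b1"),                               # single link between groups
    ("a3", "a4"),                               # a4 has one link only
]

def degrees(edges):
    """Number of links per node: the 'weight' that pulls a node to the centre."""
    deg = {}
    for u, v in edges:
        deg[u] = deg.get(u, 0) + 1
        deg[v] = deg.get(v, 0) + 1
    return deg

def modularity(edges, communities):
    """Q = sum over communities of (internal links / m) - (degree sum / 2m)^2."""
    m = len(edges)
    deg = degrees(edges)
    q = Fraction(0)
    for com in communities:
        inside = sum(1 for u, v in edges if u in com and v in com)
        total = sum(deg[n] for n in com)
        q += Fraction(inside, m) - Fraction(total, 2 * m) ** 2
    return q

def modularity_classes(edges):
    """Greedy agglomeration: keep applying the merge that raises Q the most."""
    coms = [frozenset([n]) for n in sorted(degrees(edges))]
    best = modularity(edges, coms)
    while len(coms) > 1:
        candidate = None
        for a, b in combinations(coms, 2):
            merged = [c for c in coms if c not in (a, b)] + [a | b]
            q = modularity(edges, merged)
            if q > best:            # exact arithmetic, so ties are stable
                best, candidate = q, merged
        if candidate is None:       # no merge improves Q: classes are final
            break
        coms = candidate
    return coms, best

if __name__ == "__main__":
    classes, q = modularity_classes(EDGES)
    for number, members in enumerate(classes):
        print(f"class {number}: {sorted(members)}")
    print("modularity:", float(q))
    print("links per node:", degrees(EDGES))
```

Each class would receive one colour on the map; a4 ends up in the same class as the group it links to, even though its single link would place it near the edge.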

The visualisation is stunning when seen on a large screen so we have made this available to download here in 4K.

SOS Intelligence Dark Web Render

If you are feeling kind, a tweet or short blog post about this would be much appreciated 🙂

Product news, Tips

Offensive Cyber Threat Intelligence for Lawyers and Private Investigators

In the last article, I wrote about how legal firms can utilise cyber threat intelligence and the SOS Intel toolkit for cyber defence. But in this article I want to explore a different idea, namely, offensive threat intelligence for legal firms. 

When someone says “cyber crime” what do most people think of? Likely something along the lines of “hacker”. Most will picture someone in a dark room staring at a computer screen with hundreds of lines of code flashing by while frantically typing on their keyboard. 

While hackers like this do exist, they make up a minority of cyber criminals. Cyber stalking is, by far, the most common cyber crime. 

Every year almost 10 million people in the United States are victims of cyber stalking or harassment. The vast majority, about 80%, of cyber stalking incidents go unreported to law enforcement. To make matters worse, cases of cyber stalking that are reported often go unpunished. From 2010 – 2013, of the roughly 2.5 million reported cases of online harassment, only 10 cases resulted in a prosecution.

A major reason many of these cases go unresolved is the extensive evidence required to make a case. Collecting evidence on a cyber stalker is a difficult and time-consuming process. But this doesn’t have to be the case.

Utilising cyber threat intelligence tools, it is possible to collect large amounts of data on a target. Much like other cyber criminals, cyber stalkers use platforms like Telegram and Signal. Threat intelligence tools like the SOS Intel toolkit can pull data from these platforms on a mass scale. Just by crafting a few keywords you can search thousands of terabytes of data.

This “offensive” use of the SOS Intelligence toolkit is not isolated to just cyberstalking cases. The SOS toolkit is incredibly versatile: it’s capable of assisting with any sort of research into any internet crime. Let’s take a look at what the SOS toolkit is capable of…

SOS Intelligence Toolkit API

The best way to utilise the SOS Toolkit is the API. The API allows you to integrate the toolkit into 3rd party programs. The API provides you the raw aggregate data and leaves the organisation up to your personal preferences. To start working with the API, first you will need to generate your API key. 

You can do this in the “API” tab of the web interface. Once you click the “generate” button you will see this message:

There are many API clients out there, but for the purpose of simplicity in the example I will be using Postman.

SOS Intelligence offers a Postman Collection file to further simplify the process of implementing API requests in Postman. If you are interested in using the Postman collection, please send an email to “[email protected]”.

Once you have your API key and have imported the Postman collection file (or you plan on manually adding the API requests) you need to add the key to Postman as such:

Once you have your API key set you are ready to start making API requests! In this example I will be making queries as if I were investigating a cyber crime case.

Quick note: The user I am searching for in this example is “pompompurin” a known cyber criminal who is active on Twitter and Telegram and administrator of the infamous “Breached Forums”.

Here is a simple query for “breached forums” using the Twitter search function. (Note: At the moment the Twitter search function has a search history limit of 6 months)

The Twitter search function will return any data that matches the search query. If the query matches any of the values or sub-values of a post, the function will return all of the data of said post. 

The data aggregated on each post is entirely dependent on the post itself, i.e. if other users are mentioned or if there are hashtags. It’s worth noting that searches are passed as phrases with “AND” logic. For example, my search for “breached forums” searches for “breached” AND “forums”. This way you can refine your results easily by crafting search queries that match exactly what you’re looking for, automatically weeding out all of the bad results.

Sometimes collecting intelligence from clearnet sources is not sufficient. Many hacking forums run both clearnet and darknet sites. The SOS Darkweb search function can search with several different categorical options. The first option is the “Full Text Search” as seen below.

The “full text search” searches through the full text of the site’s page. To narrow down your search results, you can set parameters like “phrase” to true. For example, if I search for SOS Intelligence, the query will pass as SOS “OR” Intelligence. However, if I set the “phrase” parameter to true, this query is passed as SOS “AND” Intelligence. 

The Dark Web Search tool also has special functions for more specific searches like emails and Bitcoin wallet addresses.

The SOS Toolkit puts all of these tools at your disposal instantly. The API is just one method of utilising the toolkit. 

The SOS web application allows you to access the same tools with a more friendly user interface. But the API allows you to integrate the SOS Toolkit into 3rd party OSINT frameworks as well as your own programs/scripts. 

The API provides a simple way to work with the toolkit “offensively”. Utilising several or all of these search functions you can gather a great amount of information on a suspect. You can try these searches out yourself! Remember, we have two community APIs:

  • DARKSEARCH: Provides information about onion websites.
  • CVE Top Talkers: Provides a top list of most talked about CVEs across our threat feeds.

Both can be accessed via a free plan which you can sign up for here 🙂

Photo by Tingey Injury Law Firm on Unsplash.

Product news

SOS Intelligence Development Update

We can’t stand still. We believe it is vital to keep investigating new threat intel feeds for our customers, so over the last 2 weeks we have created 15 new bespoke collection pipelines to gather intelligence from various hacking forums.

We have also been listening closely to customer feedback…

  • We have developed our alert feedback system with an additional feedback text entry box so that customers can provide additional information when submitting feedback about an alert that was not useful.
Pop up to give us feedback
  • You can now perform multiple alert actions. If you need to mass acknowledge alerts, or mass vote alerts, select all or a number of individual alerts and perform a multi action. This can be very helpful when acknowledging and closing off a number of alerts that have been dealt with.
Multiple alert actions

We value all of our customer feedback and aim to deliver feature requests as soon as realistically possible. Please continue to give us suggestions and feedback!

Photo by Fotis Fotopoulos on Unsplash.

CVE Top 10, Product news

Announcing The SOS Intelligence CVE Chatter Weekly Top Ten

Keeping track of the number of CVEs can be a daunting task. We’ve got something that is going to help…

We’ve developed a process which gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

Firstly, what is a CVE?

The Common Vulnerabilities and Exposures (CVE) system provides a reference-method for publicly known information-security vulnerabilities and exposures. The system was launched for the public in September 1999.

The United States’ National Cybersecurity FFRDC, operated by The Mitre Corporation, maintains the system. They do this with funding from the US National Cyber Security Division of the US Department of Homeland Security.

What is a vulnerability?

A vulnerability is a weakness which can be used to access things one should not be able to gain access to. Obviously this is less than ideal! What would an attacker do? Well, they could run some malicious code or install malware. There could even be the option to copy useful data, or delete it.

What is an exposure?

An exposure is different. It’s a mistake made within the network or system, or code, that gives an intruder access to where they shouldn’t be.

Exposures are often mistakes, for example an open GitHub repository or an accessible Amazon S3 folder. These can be found accidentally and never become disclosed. What can happen is that they are found by the kind of people who you really don’t want snooping around.

CVE Identifiers give each one a different name, so people can talk about a specific vulnerability by using its name. At the time of writing, there are over 18800 CVEs listed!

So how are we going to help you keep track of CVEs?

We’ve developed a process which gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.  

This is via our unique intelligence collection pipelines, which include the Dark Web.

Every Monday, you’ll see a blog post appear with the latest CVEs which have been discussed the most over the previous 7 days. This is the first one from the 14th June.
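As an added illustration of what a weekly "most discussed" ranking involves (this is not SOS Intelligence's pipeline), the sketch below extracts CVE identifiers from collected messages, normalises their spelling, counts each message once per CVE and ranks the previous seven days. The message format, the function name `weekly_top_cves` and the CVE numbers (placeholders with an impossible year) are assumptions made for the example.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Accepts CVE-YYYY-NNNN written with '-', '_' or a space, in any letter case.
CVE_RE = re.compile(r"\bCVE[-_ ](\d{4})[-_ ](\d{4,})\b", re.IGNORECASE)

# Constructed sample messages: (ISO timestamp, source, text).
# The CVE numbers are placeholders, not real identifiers.
MESSAGES = [
    ("2022-06-07T09:00:00", "forum-1", "PoC for CVE-1900-0001 is out"),
    ("2022-06-08T10:30:00", "chat-1", "cve_1900_0001 and CVE-1900-0002 unpatched here"),
    ("2022-06-09T11:00:00", "chat-1", "CVE-1900-0001 CVE-1900-0001 CVE-1900-0001"),
    ("2022-06-10T12:00:00", "forum-2", "anyone tested cve 1900 0002?"),
    ("2022-06-12T23:59:59", "forum-2", "CVE-1900-0003 advisory published"),
    ("2022-05-30T08:00:00", "forum-1", "old thread about CVE-1900-0004"),  # too old
    ("2022-06-13T00:00:00", "forum-1", "CVE-1900-0003 again"),             # next week
]

def weekly_top_cves(messages, week_end, top_n=10):
    """Rank CVEs mentioned in the 7 days before week_end (end exclusive).

    Returns (cve, messages mentioning it, distinct sources) tuples. A message
    that repeats the same CVE counts once, so one noisy post cannot inflate
    the ranking on its own.
    """
    week_start = week_end - timedelta(days=7)
    mentions = Counter()
    sources = defaultdict(set)
    for stamp, source, text in messages:
        if not week_start <= datetime.fromisoformat(stamp) < week_end:
            continue
        # Normalise every spelling variant to the canonical CVE-YYYY-NNNN form.
        found = {f"CVE-{year}-{num}" for year, num in CVE_RE.findall(text)}
        for cve in found:
            mentions[cve] += 1
            sources[cve].add(source)
    # Most messages first, then most distinct sources, then identifier order.
    ranked = sorted(mentions, key=lambda c: (-mentions[c], -len(sources[c]), c))
    return [(c, mentions[c], len(sources[c])) for c in ranked[:top_n]]

if __name__ == "__main__":
    for cve, count, spread in weekly_top_cves(MESSAGES, datetime(2022, 6, 13)):
        print(f"{cve}: {count} messages across {spread} sources")
```

Reporting the number of distinct sources next to the raw count helps separate a CVE that is widely discussed from one that a single channel keeps repeating.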

If you use RSS (https://en.wikipedia.org/wiki/RSS), then add http://sosintel.co.uk/feed to your reader and you’ll see these automatically.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous, please do make us aware of anything you spot. Feel free to follow us on Twitter @sosintel and DM us. Thank you!

We are your eyes and ears online, even in the darkest places.

Product news

We have winners for our EMF Camp competition!

We recently ran a competition with our friends at EMF Camp to win four tickets to attend this year’s hotly anticipated event.

After a huge amount of interest, we have randomly picked the four entries and the winners have been notified! Congratulations 🙂

SOS Intelligence is one of the Gold Sponsors of EMF Camp this year. We love the concept of bringing together like-minded people over a few days – people with an inquisitive mind or an interest in making things: hackers, artists, geeks, crafters, scientists, and engineers.

We are attending the event and will have some schwag to give away. See you there!

Product news

Tackling the UK’s Ransomware Challenge with the NCSC and Plexal

We are delighted to announce that we have been chosen to help the government solve the UK’s most pressing cyber challenge of ransomware.

SOS Intelligence is now part of the NCSC For Startups initiative.

The UK government’s National Cyber Strategy identified ransomware attacks from cyber criminals and state-backed actors in Russia and China as one of the key threats to public services and supply chains.
It highlighted the need to secure the digital environment for all UK internet users, prevent attacks, build basic security in products and services and help individuals and small businesses with basic actions to improve cyber security.

In line with this, the National Cyber Security Centre (NCSC) and Plexal, the innovation company founded by Delancey, have been working closely with emerging technology innovators joining the NCSC For Startups initiative to develop, adapt and pilot technology to help address the growing ransomware challenge.

Amir Hadzipasic, CEO and Founder of SOS Intelligence said:

“We are extremely excited to have been selected as a member of #NCSCforstartups, looking forward to addressing the ransomware challenge through our early breach detection technology.”

We are focused on helping critical national infrastructure like healthcare organisations and energy systems become more resilient and better protected against ransomware attacks. SOS Intelligence wants to make cyber threat intelligence affordable and accessible to everyone. Our automation technology collects pre-selected keywords from organisations and then scans the dark web, ingesting threat data and looking for mentions of those keywords in Telegram channels or forums.

The startups were chosen based on their relevance to three challenges identified by the NCSC:

  • Defending SMEs from ransomware by providing accessible, low-cost protection
  • Encouraging firms to implement secure backups to minimise the impact of an attack 
  • Addressing risks posed by Remote Desktop Protocol (RDP) as more businesses and individuals implement home and remote working

“Ransomware remains the biggest cyber threat to UK organisations, and tackling it requires a collective effort.

“The five companies selected to join the NCSC for Startups initiative offer various innovative approaches to dealing with ransomware – we look forward to working with them and ultimately further boosting the UK’s cyber security.”

Chris Ensor, Deputy Director for Cyber Growth at the NCSC

“The opportunity for innovative and novel ways to address ransomware can often be overlooked. The startups selected to meet this challenge will experience a unique collaboration opportunity with Plexal and the NCSC, gaining critical insights and developing solutions to enhance the resilience of society in the face of unprecedented digital risks and increasingly motivated threat actors.”

Saj Huq, CCO at Plexal

For the full announcement >> www.plexal.com/ransomware-startups
Our profile and the other startups information >> https://www.plexal.com/ncsc-for-startups-members/

Twitter: @NCSC and @PlexalCyber
LinkedIn: National Cyber Security Centre and Plexal Cyber
Instagram: @PlexalCity

To book a demo of SOS Intelligence, please click here.

Product news

“Cost-effective and timely threat intelligence”

JISC are the UK higher, further education and skills sectors’ not-for-profit organisation for digital services and solutions.

They are:

  • Dedicated entirely to the sectors’ individual and collective needs
  • Not a vendor: they deal with and/or work with vendors and publishers on the collective behalf
  • Not for profit: every pound is used for the sectors’ benefit
  • Objective, but not unbiased: they put the sectors’ interests above all else

We are delighted that JISC have chosen to use SOS Intelligence for their threat intelligence and are looking forward to working closely with them in the future.

“SOS Intelligence has provided us with cost-effective and timely threat intelligence. The dark web monitoring and alerting allows us to reassure and help our customers to mitigate potential attack vectors on their infrastructure. The platform is easy to use, with manageable alerting. SOS Intelligence has fantastic customer support and is always meeting our never-ending requirements with feature requests being implemented in record time.”

David Batho, Head of protective services at Jisc

SOS Intelligence works with businesses, organisations and MSSPs.

Product news

An essential MSSP Cyber Threat Tool

When we set out to develop and launch SOS Intelligence, we knew that one of our markets was MSSP providers.

As Gartner succinctly puts it, a managed security service provider (MSSP) provides outsourced monitoring and management of security devices and systems. Common services include managed firewall, intrusion detection, virtual private network, vulnerability scanning and anti-viral services.

Increasingly though, it’s all about Cyber Threats and Dark Web Threat Intelligence.

We are seeing more and more interest in what we do, especially real time breach alerting and reputation monitoring, plus the ability for MSSPs to use us on the behalf of their clients.

Our solution is ideal for managing your customer keywords with our bulk management tools, customer alert filtering and sub-customer dashboards. Once your customers are on boarded you can get started adding their monitoring keywords, receiving and responding to alerts and reviewing customer alerting performance.

One of our most recent MSSP clients was kind enough to send this to us:

We have been looking for an intelligent and cost-effective means of Digital Risk Monitoring for our clients for a number of months. Having now implemented the SOS Intelligence solution, we are pleased we have explored a white-label service designed for MSSPs to provide digital risk monitoring.

Easy to use, constantly being improved and with terrific support, we are already seeing a steady stream of information which is benefitting our clients.

Director of Services for a UK MSSP

If you work for an MSSP, then please click here now to book a demo.

Photo by FLY:D on Unsplash
