➤Summary
We are happy to announce a new version of Kaduu 2.1! It includes a few cool features.
What is Discord?
Discord is a popular communication platform designed for online communities and gamers. It offers a variety of features including text, voice and video chat, file sharing, and gaming integrations. Discord is available as a browser-based web app, as a desktop app for Windows, macOS and Linux, and as mobile apps for iOS and Android. The platform allows users to create and join virtual servers (also called “Discord servers”) to connect with others based on common interests.
How is Discord used by hackers?
Discord can be used by hackers in various ways, including:
How many channels exist?
It’s not possible to determine the exact number of Discord channels that exist, as the platform allows for an unlimited number of servers and channels to be created. The number of Discord channels continues to grow as new servers are created and existing servers add new channels. Discord has over 150 million monthly active users, so there are likely a large number of channels across all the servers on the platform.
What channels do we monitor?
What is the threat?
Introduction
Hacker forums provide clues to possible attack techniques, attack preparations against clients or leaked data. Kaduu enables you to explore and monitor hacker forums, allowing our clients to gain a better understanding of the tools and techniques used by hackers and the areas that are most likely to come under attack.
How do we search forums?
In this deep-web search, we log in to 50+ known hacker forums with various accounts and submit the keyword that is entered in the search mask of Kaduu. For example, you can enter your company name or a brand to see if people are talking about it in the forums. If there are results for the search term, we provide them as a download link. The corresponding pages are saved as a screenshot and also as a web page. We focus on the most popular forums in English, German, French and Russian.
How do we present the data?
If we find any result related to your search keyword, you can download the screenshot and HTML file in an archive.
Hackers share data leaks on Telegram in different ways. In some channels, hackers post data dumps with short explanations about what people can find in them. In these channels, minimal conversations occur. However, there are also dedicated hacking groups where many members actively discuss various aspects of Internet crime. There are many more ways Telegram is used by hackers:
How many channels exist and how can we keep track?
Telegram has over 500 million active users, and many of these users are likely to have created or joined channels. Telegram allows anyone to create a channel and there’s no limitation or verification process to it, so the number of channels on the platform is quite high. Additionally, many of these channels are likely to be inactive or used for legitimate purposes, so it’s difficult to estimate the number of channels that are specifically used for hacking or other illegal activities. We try to keep track of channels, but we will only cover a very small fraction of all channels.
How do we search forums?
Kaduu allows you to search the discussion history by comparing your keyword query with real accounts and presenting you the results in a downloadable format. We query around 200+ Telegram channels.
Are there any limitations?
To be able to monitor Telegram, we use a variety of Telegram accounts. Because Telegram has security filters that block users who generate too many requests, we have to limit the number of requests to a maximum of 5 per customer per day. Please be aware that we query 200+ channels at the same time.
AWS S3 is an object storage service in the Amazon cloud. S3 allows both users and applications to save and retrieve practically any type of data that can be stored in digital form. S3 data is saved in buckets, which are containers in which data can be stored and retrieved on an as-needed basis. Many enterprises continue to leave cloud storage buckets unprotected, even though extensive documentation is available on how to properly secure these buckets. Recent studies (https://laminarsecurity.com/blog/new-research-finds-21-of-publicly-facing-cloud-storage-buckets-contain-sensitive-pii-data/) have shown that 1 in 5 publicly accessible buckets contained sensitive data (PII). In the past, many buckets have been widely exposed (https://github.com/nagwww/s3-leaks). In Kaduu, you can monitor S3 buckets, as well as Azure cloud storage containers, for sensitive data related to your keyword.
The main S3 security risks
Some of the most important S3 risks include:
How to search and monitor cloud storage?
You can enter any keyword like “bank” or “bank switzerland” and Kaduu will monitor for the exact match in public cloud storage on a daily basis. Your monitored keywords are displayed on the dashboard and results can be viewed by clicking the “view” button. We suggest using the company name rather than the domain (example instead of example.com). But if the company name is too generic, you might end up with more than 5000 results. This is the limit we display per keyword.
What data should you look for?
Basically any sensitive data. Usually the company itself knows best what is considered sensitive according to its data classification. In general, sensitive data is any data that should not be accessible to unauthorized persons. Sensitive data may include personally identifiable information (PII), such as social security numbers, financial information, or login credentials. A sensitive data compromise occurs when an organization unknowingly discloses sensitive data or when a security incident results in the accidental or unlawful destruction, loss, alteration, or unauthorized disclosure of or access to sensitive data. Such data compromise may result from inadequate protection of a database, misconfigurations when setting up new instances of data storage, inappropriate use of data systems, etc.
GitHub is a web-based platform that is primarily used for version control and collaboration in software development. It is built on top of the Git version control system and offers a wide range of features to support software development teams.
Using GitHub for an organization can introduce a number of security risks, including:
How can you investigate the results?
Kaduu allows you to capture search terms and check their publication on publicly available GitHub repositories. If there is a match, we publish the result with the corresponding link. Kaduu connects to GitHub once per day for each keyword. After you have entered the keyword, you should see some results under the “view” button. Please be patient, the search can take up to 2 hours.
Google hacking, also known as Google dorking, is the practice of using advanced operators in the Google search engine to find security vulnerabilities in websites. These operators can be used to search for specific file types, sensitive information, and other vulnerability-related information. It is often used by security researchers and hackers to find vulnerabilities in websites and networks. There are Google dork lists, such as https://www.exploit-db.com/google-hacking-database, which can be used in combination with your domain. If any result appears in Kaduu, it means that there is a possible security vulnerability or data exposure in one of the web services of your organisation.
What vulnerabilities can be exposed using google hacking?
Google hacking can be used to expose a variety of vulnerabilities in websites, including:
How to use Google Dork Monitoring?
Please enter your domain like “example.com” and not “www.example.com”, so that the results are not limited to a specific server. The domain you enter will be queried once per day using a Google API call. If there are any results, you can see them by clicking on “view”. You will see all the alerts that have been triggered using your keyword. The query type will reveal what keyword has triggered the alert.
Leak and account trends show how your company exposure is evolving over time. This feature works based on pre-configured alerts, so please make sure you have them set up.
Compare your company’s synthetic risk score against reference companies from Fortune 1000 and Forbes Global 2000. You can select any industry or country for comparison.
Use customizable DOCX templates to automatically generate complex reports with lists, tables and any formatting you need.
Template language is based on Word Content Controls. It allows using conditional text blocks, lists, filters, etc.
Assets and asset groups help you to easily manage alerts for your infrastructure. You don’t need to create individual alerts anymore – just create assets of a desired type and they will be automatically converted to alerts with appropriate search syntax.
Now you can track whether triggered alerts have been submitted to your email address or webhook, and if not – see the error message.
Every social network post gets a negativity sentiment score as a percentage, where 0% means a totally positive comment, and 100% means a note full of disappointment.
Get new domain notifications faster with “Active Domain” tracking. Just specify your main domain name as a keyword and get notified on new similar domains almost instantly. This tool was designed to overcome downsides of our domain feed providers.
We are using a new additional domain feed for .ch and .li domains – https://www.switch.ch/de/open-data/
Use phrase search in leaks with phrases of 2-3 words. Previously our leak search had a flaw that didn’t allow doing that.
Ransomware news widget to track all recent news from ransomware hacker groups.
The new version of Kaduu supports 3 new botnet log providers. It will take some time to add new data, but we are already working on it.