Mapping The True Perimeter
The centre of our External Exposure Assessment is enumeration. We enumerate your perimeter comprehensively, discovering the full range of hosts and domains genuinely associated with you. We assemble this picture from the same sources an attacker would - certificate transparency logs, DNS and WHOIS records, the IP ranges registered to your organisation through its ASN, search engines, and internet-wide scan data from services such as Shodan and Censys - precisely because the asset that hurts you is so often the one that appears in these records but on no internal inventory. Part of our goal is to find shadow IT and abandoned infrastructure that are not formally part of your asset register. Across that surface we seek to scan every port, identify the services that have them open, and determine the specific pieces of software in use and their versions. Once we have that information, we assess each against known vulnerabilities and dangerous-by-default exposure, by correlating fingerprinted versions against published CVEs and the availability of working public exploits. We pay particular attention to the high-value targets: remote access services such as RDP and VPN gateways, exposed administrative interfaces, file shares, databases that should never face the internet, and the cloud storage buckets whose misconfiguration has caused so many public breaches.