Showing 1 changed file with 44 additions and 0 deletions.
content/en/Platform Deep Dive/Engagements/digital-risk-assessment.md
@@ -0,0 +1,44 @@ | ||
--- | ||
title: "Digital Risk Assessment" | ||
linkTitle: "Digital Risk Assessment" | ||
weight: 100 | ||
description: > | ||
Review details & methodology for Digital Risk Assessments. | ||
--- | ||
|
||
|
||
## Digital Risk Assessment | ||
|
||
A Digital Risk Assessment (DRA) is a systematic process for identifying, analyzing, and prioritizing potential threats and vulnerabilities from an attacker’s perspective within an organization's digital ecosystem. | ||
|
||
Digital Risk Assessment is a type of engagement outside of our standard Pentesting as a Service. Refer to the below chart for details of a Digital Risk Assessment. | ||
|
||
| **Feature** | Description | | ||
|---|---| | ||
| **Fulfilled by** | Cybersecurity Services | | ||
| **Number of credits** | Typically between 6 - 12 credits, dependent on scope | | ||
| **Number of testers** | 1 tester | | ||
| **Collaboration** | Slack | | ||
| **Retesting** | Yes - according to your [credit tier](https://www.cobalt.io/pentest-pricing) | | ||
| **Earliest start date** | Earliest start date will be based on availability. <i>Typical start dates of 3-5 business dates once test is submitted to In Review</i> | | ||
| **Test duration** | Typically 10 days. <i>Finalized once test is moved to Planned</i> | | ||
| **Report due date** | 5 business days after the test end date. Report will be delivered as a PDF within Reports section of the platform | | ||
| **Kick off call** | Not included | | ||
| **Debrief call** | Not included | | ||
|
||
### Methodology Details | ||
|
||
Cobalt will use publicly available information and commonly used OSINT methodologies and tooling (such as those documented at https://osintframework.com) to assess an organization from an external, adversarial perspective. Cobalt will employ a passive approach to OSINT reconnaissance. | ||
|
||
Activities conducted within a Digital Risk Assessment are noted within the brief: | ||
|
||
- Company research | ||
- Domain and host enumeration | ||
- Email, name, phone, and username harvesting | ||
- Advanced Search Engine Operators ("dorks") | ||
- Attempts to identify code used for internal applications | ||
- Password dumps | ||
- Attempts to identify sensitive or proprietary indexed files | ||
- Identification of employee badges on social media sites | ||
- Building layouts | ||
- Online brand protection |
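Review bot: The "Password dumps" bullet in the activities list should name the activity rather than the artifact, since as written it reads as though Cobalt will dump passwords; something like "Search of public credential/breach dumps for the organization's domains and users" states what is actually done. The same list also needs reconciling with the sentence above it that promises "a passive approach to OSINT reconnaissance": "Domain and host enumeration" and "Attempts to identify code used for internal applications" can involve direct queries against the target's infrastructure, so say explicitly that no active probing of in-scope hosts is performed, and the lead-in line "Activities conducted within a Digital Risk Assessment are noted within the brief:" would read better as "Activities conducted within a Digital Risk Assessment include:". Two smaller points in the same hunk: the "Earliest start date" row has "3-5 business dates", which should be "business days", and "Refer to the below chart" describes a table, not a chart. Finally, the `<i>…</i>` markup inside the table cells is raw HTML, which Goldmark drops unless `markup.goldmark.renderer.unsafe` is enabled for the site; `*…*` emphasis renders the same and does not depend on that setting.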