Security Solutions | 4 mins
Hadrian is proud to announce the release of AI Path Age Detection, the world's first reconnaissance tool of its kind. Conducting reconnaissance is crucial for understanding the hacker mindset. The tool, which is available to all Hadrian customers, helps security researchers and teams find and assess security vulnerabilities.
Inside AI Path Age Detection
Finding weaknesses in organizations’ security that can be exploited is one of the principal skill sets of hackers. In fact, the class of cybercriminal, Initial Access Brokers, almost exclusively focus on conducting reconnaissance in order to acquire access to corporate networks that they can sell on the dark web to ransomware gangs. Hadrian’s AI Path Age Detection feature is a game-changing reconnaissance tool for security teams, enabling them to find potential vulnerabilities more easily than ever before.
The new capability answers two critical security questions: what is the full scale of my attack surface, and where are the vulnerabilities in it?
Hadrian uses machine learning algorithms to identify web paths under a domain and identify outdated services running on them. Security team can quickly find and drill into the paths with Hadrian, completely automating a task that would otherwise be prohibitively time-consuming.
The key to AI Path Age Detection is the use of machine learning algorithms trained on tens of thousands of pages collected for over 20 years. By analyzing pages’ HTML content and the structure of web paths the AI is able to detect patterns associated with different time periods. The result is an estimation of web page age, which serves as a useful proxy for how vulnerable the page could be.
For example, in the screenshot below the detected age of pages on a domain range from 3 - 17 years. Pages that appear to be 17 years old would be of interest to a security analyst as it is more likely to have security vulnerabilities than younger pages.
Figure 1. The detected age of pages on a domain range from 3 - 17 years
Clicking on the domain security teams can access a breakdown of all web paths and individual page ages. In the example below, we can see that the /auth page appears to be very old. This is a concern because authentication pages are often used to create accounts or sign in. The high age means that a malicious actor could potentially compromise the page to create a fake account which could be leveraged to gain access to other systems.
.png?width=741&height=390&name=New%20Project%20(18).png)
Figure 2. The detected age of an authentication page is 17 years old
Using Hadrian, Security teams can quickly identify and prioritize outdated pages. In the above example it would would mitigate the likelihood that an authentication is compromised as part of an attack.
Reconnaissance is key to security
AI Path Age Detection is a new tool in the reconnaissance toolkit for security teams. The core objective of reconnaissance, the first stage in the MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) framework, is to find vulnerabilities that could be exploited. The ATT&CK framework was built to provide a structured way of describing cyber adversary behavior. It categorizes 14 tactics and techniques used by threat actors during different stages of a cyber attack.
In-depth knowledge of reconnaissance techniques and sub-techniques is required to analyze threats and secure networks. Automating reconnaissance techniques Hadrian, and focusing teams on the weakest parts of their attack surface, enables organizations to prioritize remediation more effectively. Hadrian's ethical hacking team has helped develop new techniques, such as AI Path Age Detection to equip teams with the best possible insights.
Next generation reconnaissance
Continuous innovation is required to stay ahead of threat actors. In-house teams (and 3rd parties) have utilized reconnaissance tools for analyzing target organizations’ networks have been around for many years. The methods employed by the tools fall into two categories: passive and active. Below are some of the most popular options:
- FindSubDomains is a passive recon tool that helps identify an organization's associated websites. While many of these sites are meant for public access, some may unintentionally be exposed online. Accessing error pages or inadvertently exposed internal pages can yield valuable information about the company's systems.
- Shodan is another passive tool that scans the web for devices connected to the internet. It allows hackers to locate these devices within a company's IP address range, providing a good starting point when looking for online devices and assisting in identifying potential weak points within a network.
- Nmap is a well-known tool for active network reconnaissance. It scans networks to uncover system details and running programs using various scan types that exploit system or service operations. By targeting a system or an IP address range, hackers can gather extensive information about the network.
- OpenVAS is an open-source vulnerability scanner designed to identify vulnerable applications running on a system and provides a variety of details about potentially exploitable vulnerabilities.
These tools are often cumbersome to configure and require time to analyze the results and generate next steps. Hadrian’s AI-powered offensive cybersecurity platform can find all of the insights of these tools and much more. Our platform equips security teams with information about weaknesses in an organization’s posture before threat actors have the opportunity to exploit it. To learn more about automating reconnaissance get in touch with one of our experts.
