Running an effective bug bounty program requires balancing an attractive scope and payout to hunters with an attack surface that challenges hunters to do more than automated scans. Program managers want to pay for skillful findings, not automated ones. In this episode, we talk about how ASM helps optimize your bug bounty program.

In this episode, we discuss the blindspots of IP-centric approaches to asset discovery and the importance of understanding the full attack surface of an organization. We unpack the challenges posed by modern cloud architectures, load balancers, and WAFs, and how these can create blind spots in reconnaissance efforts. We also highlight the significance of subdomain data and passive DNS in uncovering hidden attack surfaces that traditional scanning methods might miss. We talk about:- The...

This week's episode dives deep into the concept of shadow exposure and how it relates to third-party software, often overlooked in discussions about shadow IT. We explore the historical context of shadow IT, its evolution, and the real risks associated with widely deployed enterprise software that organizations may not fully understand. Join us as we discuss: The origins and implications of shadow ITThe challenges of visibility and transparency with third-party vendorsReal-world examples of...

In this more technical episode, we dive deep into the complexities of DNS and DNS resolution in the context of Attack Surface Management (ASM). Join us as we explore the unseen challenges that arise when scaling asset discovery, particularly when dealing with DNS wildcards and their implications for security scanning solutions. Our hosts, Michael and Shubs, share their extensive experiences in managing DNS resolution at scale, discussing the importance of accurate asset discovery and the...

Today, we explore the world of asset discovery and reconnaissance, particularly how these practices have evolved over time. Historically, discussions around reconnaissance have been overly simplistic and tool-centric, often focusing solely on the latest tools rather than the underlying principles and methodologies. Join us as we break down our approach to reconnaissance into five key elements: breadth, depth, context, amplification, and focus. We discuss the importance of understanding the...

In this episode, we dive into the technical complexities of DNS resolution in the context of ASM asset discovery. Join us as we discuss the challenges, implications, and solutions we have encountered while dealing with DNS resolution at scale. From DNS wildcards to security scanning considerations, we explore the importance of DNS data and its role in comprehensive reconnaissance. Our hosts, Michael and Shubs, share their experiences and insights gained from years of perfecting DNS resolution...

There's a lot of confusion in the ASM (Attack Surface Management) market. Today we discuss the core principles of ASM, the challenges of building and maintaining an effective ASM system, and the importance of safety and accuracy in external attack surface scanning. We share insights on the differences between asset discovery and exposure management, the pitfalls of relying on off-the-shelf tools for ASM, and the critical role of curated checks in ensuring the quality and safety of scanning...

Today, co-hosts Michael and Shubs reflect on the six-year milestone of Assetnote and do a deep dive into a critical Magento bug. They explore the importance of proactive and reactive security research, the limitations of traditional vulnerability scoring systems like CVSS and EPSS, and the significance of understanding exploitability in assessing vulnerabilities. Learn about the need for deeper insights into security risks and the value of in-depth research for security teams. To learn more...

Today we look at Attack Surface Management (ASM) with a focus on what true ASM entails. Join us as we discuss the core principles of ASM, the importance of understanding real exposure on your attack surface, and the role of security research in identifying vulnerabilities beyond known CVEs. Discover how our team at Assetnote pioneers a new approach to security research, uncovering hidden exposures and providing actionable insights for our customers. Tune in for a deep dive into the core...

In this podcast episode, Michael and Shubs explore the background and evolution of Assetnote, a pioneering Attack Surface Management platform. They discuss the company's origins, the challenges faced in its early days, and the strategic decisions that established it in the market. They discuss the importance of speed and scale and the value of automation and security research and provide their unique approach to building a successful product. To learn more about Assetnote, visit...

Over the last decade, ServiceNow has been deployed readily across enterprises. With its growing popularity, combined with the lack of visibility organizations have on its security posture, at Assetnote, we worked hard to discover vulnerabilities in the ServiceNow platform. Assetnote Security Researcher, Adam Kues, spent over a month finding an exploit chain and was credited with CVE-2024-4879, CVE-2024-5178, and CVE-2024-5217. At the time of discovery, these vulnerabilities affected an...

On May 14th, 2024, we disclosed a chain of vulnerabilities to ServiceNow, resulting in 3 new CVEs. This series of security issues affected all Vancouver and Washington ServiceNow instances (around 42,000 globally), allowing an attacker to execute code on the instance. In this live Q&A, Assetnote security researcher Adam Kues explains his approach to how he found these vulnerabilities, highlighted in our recent research post. He is joined by hosts, Michael Gianarakis and Shubham...