OUR PORTFOLIO
ERP IT System & Service MGMT CRM Business intelligence Cyber SECURITY BUSINESSDATA & FACTS
10.467.311.280 pwned accounts 2020 90% malwarecomes from email
Over 43 billion yearly spent Threats constantly evolving 75% of violations
are caused by human error
CYBER SECURITY
OFFENSIVE
PENETRATION TEST SOCIAL ENGINEERING RED TEAMINGDEFENSIVE
PASSWORD AUDIT EXPOSURE ASSESSMENT VULNERABILITY ASSESSMENT GAP ANALYSIS SECURITY TRAININGOneTime | SaaS | SaaS&Managed
EXPOSURE ASSESSMENT
One Time | SaaS | SaaS & Managed
Verification of exposed resources
Reproduction of the attacker's point of view Reconnaissance phase simulation
Mitigation and remediation actions WHAT
EXPOSURE ASSESSMENT |
One Time
EXPOSURE ASSESSMENT |
One Time
HOW
Company inputs collection Objects collection
Research of weaknesses Research of correlations
Creation of a detailed report Report presentation
Domain(s) | Keywords
Hostnames | IP addresses | Account e-mail
EXPOSURE ASSESSMENT |
One Time
WHERE
Surface Web Deep Web Dark Web
Paste Site Search |Open Bug Bounty | Brand Reputation Social Network | Blacklisted IPs| WayBack Machine| Telegram Groups & Channels | Data Leak Forums
Data Breach Databases | TOR Network | Cyber Attacker Group Sites
Verification of exposed resources
Reproduction of the attacker's point of view Reconnaissance phase simulation
Mitigation and remediation actions WHAT
EXPOSURE ASSESSMENT |
SaaS
EXPOSURE ASSESSMENT |
SaaS
HOW
Domain(s) | keywords
Hostnames | IP address | E-mail account
Graphs | Reports | Stats | Notifications
Company inputs collection
Continuous objects collection Research of weaknesses
Research of correlations
Autonomous use of SATAYO Portal API for Monitoring platforms
Notification via Telegram and e-mail Daily report generation
EXPOSURE ASSESSMENT |
SaaS
WHERE
Surface Web Deep Web Dark Web
Paste Site Search |Open Bug Bounty | Brand Reputation Social Network | Blacklisted IPs| WayBack Machine| Telegram Groups & Channels | Data Leak Forums
Data Breach Databases | TOR Network | Cyber Attacker Group Sites
Verification of exposed resources
Reproduction of the attacker's point of view Reconnaissance phase simulation
Mitigation and remediation actions WHAT
EXPOSURE ASSESSMENT |
SaaS & Managed
EXPOSURE ASSESSMENT |
SaaS & Managed
HOW
Domain(s) | keywords
Hostnames | IP address | E-mail account
Graphs | Reports | Stats | Notifications
Company inputs collection
Continuous objects collection Research of weaknesses
Research of correlations
Joinly use of SATAYO Web Portal API for Monitoring platform
Analysis and solution proposal Daily report generation
Ticket | Phone call | E-mail NetEye
EXPOSURE ASSESSMENT |
SaaS & Managed
WHERE
Surface Web Deep Web Dark Web
Paste Site Search |Open Bug Bounty | Brand Reputation Social Network | Blacklisted IPs| WayBack Machine| Telegram Groups & Channels | Data Leak Forums
Data Breach Databases | TOR Network | Cyber Attacker Group Sites
SATAYO provides detected evidences (per domain) appropriately filtered on the basis of sources and keywords selected by cyber
security analysts team1.
EXPOSURE ASSESSMENT SaaS |
DEEP & DARK WEB
Ursula von der Leyen
Presidente della Commissione europea
Ursula Gertrud von der Leyen, nata Albrecht, è una politica tedesca, membro della CDU e Presidente della Commissione europea dal 1° Dicembre 2019. Wikipedia
1 All members of our team are CEH (Certified Ethical Hacker) certified and
SATAYO is able to provide extracts of passwords and accounts used to register on services that have suffered data breaches; these are constantly updated by our cyber security analysts team.
DATA BREACH
EXPOSURE ASSESSMENT SaaS |
No metric can be used with certainty to indicate how costly the data breach of a single access credential might be. The potential actions stemming from that data breach are wide-ranging and the values are calculated on the basis of the risk assessment specific to each organization.
Some examples
Unicredit (600k) Università Campus
SIMILAR DOMAINS
EXPOSURE ASSESSMENT SaaS |
xn--teslamtors-dx3e.com teslamọtors.com
SATAYO is able to detect registered
domains that are similar to the one used by your organization. In fact they could be potentially used to generate targeted phishing attacks (spear phishing).
SATAYO shows an extraction of the evidences (example: logs, config. files, passwords, etc...) detected within the repositories used by the developers of the organization.
REPOSITORY
SATAYO shows the weaknesses detected on the organization's resources:
unmanaged social pages
poorly configured mail servers SSL misconfigurations
management ports insecure protocols
WEAKNESSES
VULNERABILITY ASSESSMENT
One Time | On-Prem
WHAT
VULNERABILITY ASSESSMENT |
One Time
Vulnerabilities identifications Vulnerabilities quantification Vulnerabilities prioritization
VULNERABILITY ASSESSMENT |
One Time
HOW
Private IP addresses | Public IP addresses
Scope of engagement definition Cataloging of assets & resources
Identification of vulnerabilities for each resource Vulnerability analysis and solution proposal
Creation of a detailed report
VULNERABILITY ASSESSMENT |
One Time
WHERE
Networking equipments WiFi
Server & clients IoT & IIoT
WHAT
VULNERABILITY ASSESSMENT |
On-Prem
Vulnerabilities identifications Vulnerabilities quantification Vulnerabilities prioritization
VULNERABILITY ASSESSMENT |
On-Prem
HOW
Private IP addresses | Public IP addresses
Scope of engagement definition Cataloging assets & resources
Continuous identification of vulnerabilities
Integration of 3rd party system Monitoring | SIEM
VULNERABILITY ASSESSMENT |
On-Prem
WHERE
Networking equipments Server & clients
GAP ANALYSIS
WHAT
GAP ANALYSIS
Identification of current risk controls Identification of residual risks
HOW
Interview to organization key people Use of CIS Controls
Analysis of «AS IS»
Identification of «TO BE» set of cyber actions Creation of a detailed report
Report presentation
GAP ANALYSIS
TM
WHERE
GAP ANALYSIS
Physical interview Remote interview
SECURITY TRAINING
WHAT
SECURITY TRAINING
Cyber Security Essential
Cyber Security Intermediate Cyber Security Advanced
Exposure Analysis with OSINT Social Engineering + ETEL game Industrial Control System Security
HOW
SECURITY TRAINING
Class room
WHERE
SECURITY TRAINING
Customer site Würth Phoenix Microsoft Teams
PENETRATION TEST
WHAT
Exploits detected vulnerabilities
Performed according to standard methodology
HOW
Vulnerability Assessment
Research on vulnerabilities exploitation Exploit
Creation of a detailed report Report Presentation
PENETRATION TEST
WHERE
PENETRATION TEST
Networking equipments WiFi
Server & clients IoT & IIoT
Web services
Web applications Mobile applications
PASSWORD AUDIT
WHAT
Dictionary attack
Rainbow Table attack Brute Force attack Hybrid attack
HOW
Company inputs collection Cracking execution
Creation of a detailed report Report presentation
PASSWORD AUDIT
Password hashes
One method | Multi method
WHERE
PASSWORD AUDIT
Active Directory Database
SOCIAL ENGINEERING
WHAT
Exploits of human factor
HOW
SOCIAL ENGINEERING
Phishing | Dumpster diving | Evil Twin
Impersonation | Baiting | Vishing | Lockpicking
Choice of Attack Vector(s) Info gathering
Attack simulation
Creation of a detailed report Report presentation
WHERE
SOCIAL ENGINEERING
Employees
Top management Key people
RED TEAMING
WHAT
RED TEAMING
Multi-layered attack simulation
Organization's detection and response capabilities test Focuses on the objectives rather than on used methods
HOW
RED TEAMING
Info gathering
Identification of weaknesses Attack simulation
Creation of a detailed report Report presentation
OSINT
WHERE
RED TEAMING
THE RIGHT SERVICE
PEOPLE PROCESS IT SERVICES ORGANIZATION INCREASING AWARENESS POSTURE COMPLIANCY SECURITY IMPROVEMENT INCIDENT DETECTION RESPONSE CAPABILITY SECURITY TRAINING SOCIALENGINEERING PASSWORDAUDIT
GAP ANALYSIS PENETRATION TEST EXPOSURE ASSESSMENT RED TEAMING VULNERABILITY ASSESSMENT
