Chaining Three Bugs to Access All Your ServiceNow Data (Live Q&A)

There's a lot of confusion in the ASM (Attack Surface Management) market. Today we discuss the core principles of ASM, the challenges of building and maintaining an effective ASM system, and the importance of safety and accuracy in external attack surface scanning. We share insights on the differences between asset discovery and exposure management, the pitfalls of relying on off-the-shelf tools for ASM, and the critical role of curated checks in ensuring the quality and safety of scanning results. We go behind the scenes regarding the work that goes into creating a reliable ASM system, the impact of open-source tools on the market, and the value of a well-designed and integrated approach to attack surface management. Gain a deeper understanding of the complexities and considerations involved in building and maintaining an effective ASM system, and learn why quality and safety are paramount in safeguarding your organization's external attack surface. Fundamentally change how you secure your attack surface. Assetnote's industry-leading Attack Surface Management Platform gives security teams continuous insight and control over their ever-evolving exposure.

In this podcast episode, Michael and Shubs explore the background and evolution of Assetnote, a pioneering Attack Surface Management platform. They discuss the company's origins, the challenges faced in its early days, and the strategic decisions that established it in the market. They discuss the importance of speed and scale and the value of automation and security research and provide their unique approach to building a successful product.

In this episode, we discuss the blindspots of IP-centric approaches to asset discovery and the importance of understanding the full attack surface of an organization.

In this episode, we dive into the technical complexities of DNS resolution in the context of ASM asset discovery. Join us as we discuss the challenges, implications, and solutions we have encountered while dealing with DNS resolution at scale. From DNS wildcards to security scanning considerations, we explore the importance of DNS data and its role in comprehensive reconnaissance. Our hosts, Michael and Shubs, share their experiences and insights gained from years of perfecting DNS resolution for asset discovery. Discover how DNS records play a crucial role in security scanning, including the detection of DNS misconfigurations and potential security risks. Learn about a fascinating case of DNS poisoning at scale and how it was detected and exploited. Gain valuable insights into the differences between IP-centric tools and a subdomain-centric approach to reconnaissance, highlighting the importance of focusing on DNS data for comprehensive attack surface mapping. Fundamentally change how you secure your attack surface. Assetnote's industry-leading Attack Surface Management Platform gives security teams continuous insight and control over their ever-evolving exposure. For more details about Assetnote's Attack Surface Management Platform, visit https://assetnote.io/ #DNSResolution #ASM #AssetDiscovery #SecurityScanning #Cybersecurity #podcastdiscussion