ShadowTrackr


Bug fixes and improved software detection

29 April 2024
Besides a bunch of bug fixes, software detection has also improved this week. Attacks on edge devices are ever increasing. We try to detect all devices and technology that are commonly targeted. This week that meant we needed to add detection of Ubiquiti network devices.

Extra data in certificates

21 April 2024
After fixing a bug that prevented the proper scan of the cryptographic suites used on a TLS server, it was opportune to add some extra data. There are four new fields available:

dh_groups: The list of Diffie-Hellman groups used for key exchange, for instance: "RFC3526/Oakley Group 14".

ecdhe_curves: The list of elliptic curves used in Diffie-Hellman, for instance: "prime256v1".

tls12_sig_algs: The list of signature algorithms used in TLS 1.2, for instance: "ECDSA+SHA256".

tls13_sig_algs: The list of signature algorithms used in TLS 1.3, for instance: "ECDSA+SHA256".

These new fields are available everywhere, including in queries and the API. This example query will give you an overview of all Oakley groups used in your certificates:

index=certificates dh_groups=*oakley* by dh_groups

Any group below 14 is considered weak these days.
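
The same "below 14" rule applied to exported records, as an added example that is not ShadowTrackr code. The record shape, the `host` key and the sample group names other than "RFC3526/Oakley Group 14" are assumptions constructed for illustration; names that do not follow the Oakley pattern are reported separately instead of being treated as fine.

```python
import re

# Matches names in the form the post shows, e.g. "RFC3526/Oakley Group 14".
OAKLEY_RE = re.compile(r"oakley\s+group\s+(\d+)", re.IGNORECASE)
MIN_GROUP = 14  # from the post: any group below 14 is considered weak


def classify_group(name):
    """Return ("weak" | "ok", number) for an Oakley group name, else ("unknown", None)."""
    m = OAKLEY_RE.search(name)
    if not m:
        return ("unknown", None)
    number = int(m.group(1))
    return ("weak" if number < MIN_GROUP else "ok", number)


def weak_dh_findings(records):
    """Return ({host: [weak group names]}, [names that could not be parsed])."""
    weak, unknown = {}, set()
    for rec in records:
        # dh_groups may be missing or empty when no finite-field DH is offered.
        for name in rec.get("dh_groups") or []:
            verdict, _ = classify_group(name)
            if verdict == "weak":
                weak.setdefault(rec["host"], set()).add(name)
            elif verdict == "unknown":
                unknown.add(name)
    return {h: sorted(g) for h, g in weak.items()}, sorted(unknown)


# Constructed sample records; only the field names dh_groups and ecdhe_curves
# come from the post. The "host" key and all values are hypothetical.
SAMPLE = [
    {"host": "vpn.example.com",
     "dh_groups": ["RFC2409/Oakley Group 2", "RFC3526/Oakley Group 14"]},
    {"host": "www.example.com",
     "dh_groups": ["RFC3526/Oakley Group 14"], "ecdhe_curves": ["prime256v1"]},
    {"host": "mail.example.com",
     "dh_groups": ["RFC3526/Oakley Group 5", "ffdhe2048"]},
    {"host": "api.example.com", "dh_groups": None},
]

if __name__ == "__main__":
    findings, unparsed = weak_dh_findings(SAMPLE)
    for host, groups in findings.items():
        print(f"{host}: weak DH groups {groups}")
    print("names not matching the Oakley pattern:", unparsed)
```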

Redesigned alerts

08 April 2024
The alerts interface is redesigned and more similar to the new reports. And like reports, it also has an Alert library to help you set up alerts. There will be more alerts in it, but for now we start with alert templates for:

- Assets appeared on blacklist
- Certificates with bad grades
- Hosts with problems
- New phishy domains
- New subdomain found for specific domain

You can also make your own custom alerts of course. If you miss something, please reach out and we'll see if we can make it for you.