HudsonRock Cavalier: Cybercrime Intelligence Solution

[Seraphbyte]

Hi THT members, today I wanted to share with you some informations about HudsonRock's Cavalier Intelligence solution
Cavalier: Compromised Credentials Data Source​

HudsonRock Cavalier is a cybercrime intelligence data source which is consist of compromised millions of host machines in global malware spreading campaigns. It is based on forensic technologies and operational know-how developed at the IDF's 8200 Unit to counter Nation-State adversaries and professional threat actors.
"Cavalier’s high-fidelity data protects employees, partners, customers, and digital assets with unprecedented granularity of threat vectors including Ransomware, Business Espionage, Breaches & Network Overtakes."

Role Based SAAS​

Cavalier API​

you can register with your business email address in order to Get Free Custom Cavalier API Key or Schedule a Demo​

link:

Schedule a Demo to See Cavalier™ and Bayonet™ in Action — Hudson Rock

Would you like to see‍ Bayonet™ & Cavalier™ in action? It's easy! Simply schedule a time with our sales team that’s convenient for you.

www.hudsonrock.com

HR Cavalier Cybercrime Intelligence Free Integration​

https://cavalier.hudsonrock.com/api/json/v2

https://cavalier.hudsonrock.com/api/json/v2/osint-tools/search-by-domain?domain=tesla.com

API ENDPOINTS​

Here we overwiew several type of API Endpoints search quaries. Remember if you are using HudsonRock's free service, there are limitations like:

Rate Limit:​

50 requests per 10 second

Pagination:​

50 stealers per page

Authentication​

curl -L -X POST 'https://cavalier.hudsonrock.com/api/json/v2/search-by-domain'       
-H 'api-key: YOURAPIKEY'   -H 'Content-Type: application/json'       
--data-raw '{"domains": ["tesla.com"]}'

Search By Login​

Hudson Rock provides its clients the ability to query a database of over 29,661,065 computers which were compromised through global info-stealer campaigns performed by threat actors. The database is updated with new compromised computers every day, offering cybersecurity providers the ability to alert security teams ahead of imminent attacks, when users get compromised and have their credentials stolen.

curl -L -X POST 'https://cavalier.hudsonrock.com/api/json/v2/search-by-login'         
-H 'api-key: YOURAPIKEY'   -H 'Content-Type: application/json'         
--data-raw '{"login": "[email protected]"}'

Search By IP​

It's also supports CIDR lookup, for an example response search for the following term: 45.166.26.62/28
*CIDR must have a suffix between 21-32.
single IP Request:

curl -L -X POST 'https://cavalier.hudsonrock.com/api/json/v2/search-by-ip'               
-H 'api-key: YOURAPIKEY'     -H 'Content-Type: application/json'     
--data-raw '{"ip": "190.3.30.97"}'

CIDR Request:

curl -L -X POST 'https://cavalier.hudsonrock.com/api/json/v2/search-by-ip'     
-H 'api-key: YOURAPIKEY'        -H 'Content-Type: application/json'     
--data-raw '{"ip": "45.166.26.62/28"}'

External Attack Surface​

"External attack surface Solution that is derived from URLs accessed by computers that were compromised through global malware spreading campaigns performed by threat actors. This helps identifying employees of companies that had their computers compromised and are accessing sensitive infrastructure belonging to the company that cannot be found through scraping or otherwise, but is known to threat actors attempting to hack companies through shadow IT."

curl -L -X POST 'https://cavalier.hudsonrock.com/api/json/v2/search-by-domain/discovery'
-H 'api-key: YOURAPIKEY' -H 'Content-Type: application/json'
--data-raw '{"domain": "trendmicro.com"}'

some of data from the result:

root":{ 3 items
"employees_urls":[ 100 items

0:{ 3 items
"occurrence": 28
"type": "employee"
"url": "https://adfssts.trendmicro.com/adfs/ls"
}

1:{ 3 items
"occurrence": 16
"type": "employee"
"url": "https://adfssts.trendmicro.com"
}

2:{ 3 items
"occurrence": 11
"type": "employee"
"url": "https://adfssts.trendmicro.com/adfs/ls/idpinitiatedsignon.aspx"
}

3:{ 3 items
"occurrence": 8
"type": "employee"
"url": "https://adfssts.trendmicro.com/adfs/ls/"
}

4:{ 3 items
"occurrence": 8
"type": "employee"
"url": "https://tmx.trendmicro.com"
}

5:{ 3 items
"occurrence": 7
"type": "employee"
"url": "https://owa-apac.trendmicro.com"
}

about Bayonet:
"Imagine getting access to a lead-generation platform featuring hundreds of thousands of compromised companies around the world with active vulnerabilities that you can convert into customers.."

Video YT

Spoyler: 🐣

REFERENCE
https://www.hudsonrock.com/cavalier
https://cavalier.hudsonrock.com/docs

 

[CyberRulz06]

Keep the great work going

 

[AimPluqqed]

Good topic.

 

[Seraphbyte]

Keep the great work going

grazie for feedback

Good topic.

thanks

 

[an0un]

Nice topic, well done

 

[Seraphbyte]

Nice topic, well done

thanks

 

[DarkEmir]

Useful info, good article

 

[Seraphbyte]

Useful info, good article

thank youu

 

[ancients123]

It's a good article ,
The information at the end is really good, it allows you to commercialize this work

 

[Seraphbyte]

It's a good article ,
The information at the end is really good, it allows you to commercialize this work

thanks
actually in the end I don't wanted them "commercialize"

 

[ancients123]

Even if you don't do it, someone is already doing it, under the name of “penetration testing companies”, it can enter a place where there are more vulnerable companies, and it can be a small source of income for hackers.

 

[Seraphbyte]

Even if you don't do it, someone is already doing it, under the name of “penetration testing companies”, it can enter a place where there are more vulnerable companies, and it can be a small source of income for hackers.

If I say It's already there maybe..
However, using HudsonRock or anything like this, threat intel agencies able to identify hackers, how? in some cases hackers infect themselves with malware. And like this "solutions" will detect and include their identification in their databases. Like these cases already have been in the past. For instance: when "malware author infected themselves with their own malware" and then identity reveal process gone..

 

[ancients123]

There is a part that I wonder if they are infected, how does the system detect it and put it on their site? After all, it tries an unreported virus on itself.

and also they are already there, it's a nice experience and a high profit for ethical hacker departments.

If I say It's already there maybe..
However, using HudsonRock or anything like this, threat intel agencies able to identify hackers, how? in some cases hackers infect themselves with malware. And like this "solutions" will detect and include their identification in their databases. Like these cases already have been in the past. For instance: when "malware author infected themselves with their own malware" and then identity reveal process gone..

 

[Seraphbyte]

There is a part that I wonder if they are infected, how does the system detect it and put it on their site? After all, it tries an unreported virus on itself.

and also they are already there, it's a nice experience and a high profit for ethical hacker departments.

they buy it directly from threat actors )
the incident that I said:

Prominent Threat Actor Accidentally Infects Own Computer with Info-Stealer

Hudson Rock is an Israeli cybercrime intelligence company.

hudsonrock.substack.com

 

[ancients123]

Thanks

 

[Seraphbyte]

Thanks

thank you too for feedback )