Digital Persona Analysis

5 automated security scanners


Purpose: The purpose of this scanner is to analyze technical forum participation for a given domain and company, identifying potential exposures and risks associated with their use of cloud services, microservices architecture, and infrastructure as code (IaC) practices.

What It Detects:

  • This scanner detects the presence of cloud service usage such as Kubernetes and AWS in discussions on forums like Stack Overflow and Reddit.
  • It identifies issues where company-specific information is disclosed publicly, potentially leading to security risks.
  • It discovers potential exposure points in GitHub repositories that may reveal infrastructure details or credentials.

Inputs Required:

  • <domain>: The domain name of the organization being analyzed.
  • <company_name>: The name of the company whose technical forum participation is being assessed.

Business Impact: This assessment is crucial as it helps in understanding how sensitive information about cloud services, microservices architecture, and infrastructure details is disclosed publicly. Such disclosures can lead to unauthorized access or exploitation by malicious actors, impacting both the organization’s reputation and its security posture.

Risk Levels:

  • Critical: The scanner flags a critical severity finding when it detects that company credentials have been exposed in public forums. This could lead to unauthorized access and significant damage to the organization’s assets and integrity.
  • High: A high risk level is triggered by the discovery of sensitive information such as AWS keys or private IP addresses being disclosed publicly, which can be exploited for malicious activities.
  • Medium: Medium severity findings occur when there are indications that the company might be using cloud services without proper security configurations, exposing potential vulnerabilities in their infrastructure.
  • Low: Low risk level is assigned to informational findings such as usage of generic terms like “microservices” or “cloud” without specific mentions of a particular company’s products or practices.
  • Info: Informational findings are noted when the scanner identifies common industry terminology used in discussions about cloud services and microservices, which does not necessarily indicate any security risk.

Example Findings:

  1. A Stack Overflow question titled “Acme Corp’s migration to Kubernetes” reveals that Acme Corp is using Kubernetes for their microservice architecture, indicating a potential exposure of infrastructure details.
  2. An AWS key was found in the comments section of a Reddit post discussing DevOps practices, which could lead to unauthorized access and significant damage if intercepted by malicious parties.
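
A triage pass over forum text along the lines described above, as an added example that is not the scanner's own code. The keyword list, the finding names and the Medium rating for a post that names the company together with its stack are assumptions of this example; the High rating for AWS keys and private IP addresses and the Low rating for generic terms follow the risk levels listed above.

```python
import ipaddress
import re

# AWS access key IDs: "AKIA" (long-term) or "ASIA" (temporary) plus 16 characters.
AWS_KEY_ID = re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Assumed keyword list, built around the technologies the page names.
TECH_TERMS = re.compile(r"\b(kubernetes|aws|microservices?|terraform|cloud)\b", re.I)
ORDER = ["Info", "Low", "Medium", "High", "Critical"]

def private_ips(text):
    """Return RFC 1918 addresses in text, ignoring invalid dotted quads."""
    hits = []
    for candidate in IPV4.findall(text):
        try:
            addr = ipaddress.ip_address(candidate)
        except ValueError:  # e.g. 999.1.1.1
            continue
        if any(addr in net for net in RFC1918):
            hits.append(candidate)
    return hits

def triage_post(text, company_name):
    """Return (severity, kind, evidence) tuples for one forum post."""
    findings = []
    for key in AWS_KEY_ID.findall(text):
        # Mask the key so the report does not become a second leak.
        findings.append(("High", "aws_access_key_id", key[:4] + "..." + key[-4:]))
    findings += [("High", "private_ip", ip) for ip in private_ips(text)]
    terms = sorted({t.lower() for t in TECH_TERMS.findall(text)})
    if terms:
        named = company_name.lower() in text.lower()
        # Medium for company + stack is this example's assumption.
        findings.append(("Medium" if named else "Low",
                         "stack_disclosure" if named else "generic_term",
                         ", ".join(terms)))
    return findings

def overall(findings):
    """Highest severity across findings; Info when nothing matched."""
    return max((f[0] for f in findings), key=ORDER.index, default="Info")

# Constructed sample post; the key is the example value from AWS documentation.
SAMPLE = ("Acme Corp here: our Kubernetes nodes at 10.2.3.4 reject "
          "AKIAIOSFODNN7EXAMPLE, but 8.8.8.8 resolves fine.")
```

The Critical tier (exposed company credentials) is not covered here, since the page does not say how a credential is tied to the company.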

Purpose: The purpose of this scanner is to analyze personal domain registration for a given domain and company. It aims to identify any potential risks associated with similar domain names, content on these domains, and social media presence that may indicate unauthorized use of the corporate brand.

What It Detects:

  • Similar domain names that could be registered by an individual or entity using the corporate brand without authorization.
  • Content on these domains that references the company name, suggesting potential misuse of the brand.
  • Exposure of personal portfolios or social media accounts mentioning the company, indicating unauthorized use of the corporate identity online.
  • SSL certificates issued for similar domain names, which could be used to track and verify unauthorized usage.
  • Personal domain registrations that expose email addresses belonging to the company, potentially leading to unauthorized disclosure of sensitive information.

Inputs Required:

  • <domain>: The main domain under investigation.
  • <company_name>: The name of the company whose brand is being checked for potential misuse.

Business Impact: This analysis is crucial as it helps in safeguarding corporate reputation and intellectual property by identifying unauthorized use of the company’s brand across various online platforms. Unauthorized domain registrations and social media mentions can lead to significant legal, financial, and reputational damage if not promptly addressed.

Risk Levels:

  • Critical: Identifies critical risks such as unauthorized use of the corporate brand in domains that could cause immediate legal issues or severe damage to the company’s reputation.
  • High: Indicates high risk scenarios where personal domain registrations expose sensitive information, similar domains are registered using the corporate name, and there is evidence of misuse on social media platforms.
  • Medium: Signifies medium risks involving potential unauthorized use in domains that could lead to future legal disputes or brand confusion.
  • Low: Informs about low risk scenarios where minor instances of misuse are detected but do not pose significant threats to the company’s interests.
  • Info: Provides informational findings on minor occurrences that may require monitoring and ongoing assessment for potential changes in the digital landscape.

Example Findings:

  1. An unauthorized domain “acmeinc.com” was registered, which could lead to confusion among consumers and legal issues if not properly addressed.
  2. Personal GitHub portfolio “jsmithdev” exposes mentions of Acme Corporation, indicating unauthorized use of the corporate brand in a personal online presence.

Purpose: The Social Media Activity Profiling scanner is designed to analyze and profile digital persona activities on social media platforms such as LinkedIn and Twitter in relation to a specific company’s technology stack, projects, and organizational changes. This tool helps identify the presence of the company’s technologies, discussions about their products or services, and potential frustrations expressed by employees on these platforms.

What It Detects:

  1. LinkedIn Activity: Profiles related to the company are detected through Google searches, providing insights into who is talking about Acme Corporation on LinkedIn.
  2. Twitter Activity: Discussions around technology topics such as microservices architecture or mentions of specific projects like “Acme/internal-tool” are identified in tweets.
  3. Twitter Tech Discussions: Direct references to technologies used by Acme Corporation, captured through keywords and contextual analysis.
  4. Twitter Frustration Tweets: Complaints about deployment issues or other organizational challenges are flagged, indicating potential internal dissatisfaction.
  5. GitHub Activity Patterns: Repository names and descriptions that suggest involvement of Acme Corporation in open-source projects or internal tools provide a view into their contributions and interests.
  6. Conference Presentations: Slides or presentations discussing the company’s technology strategies or specific projects are detected at industry conferences.
  7. Blog Posts: Articles on third-party platforms, particularly those mentioning Acme Corporation’s technologies or initiatives, are monitored for insights.

Inputs Required:

  1. Domain: The target domain name (e.g., “acme.com”) to search for relevant social media activity.
  2. Company Name: The official name of the company (“Acme Corporation”) that is being analyzed.

Business Impact: This analysis is crucial as it provides a real-time pulse on how external and internal stakeholders perceive Acme Corporation’s technological advancements, challenges, and overall reputation. Understanding these perceptions can help in strategic decision-making regarding technology investments, customer engagement strategies, and potential PR crisis management.

Risk Levels:

  • Critical: Identifies significant risks such as public disclosure of critical vulnerabilities or unauthorized access to sensitive information.
  • High: Indicates high risk areas like widespread use of outdated technologies that could lead to security breaches.
  • Medium: Points to moderate risks where improvements in processes, controls, or technology adoption would significantly enhance security posture.
  • Low: Signifies minimal risks that may require only minor adjustments for better security practices.
  • Info: Provides informational findings about general discussions and public mentions without direct implications on critical systems.

Example Findings:

  1. “Acme Corporation’s use of microservices architecture is widely discussed across Twitter, indicating strong engagement with emerging technology trends.”
  2. “Internal complaints about deployment issues are flagged in tweets, suggesting potential challenges in the company’s DevOps practices.”


Purpose: The purpose of this scanner is to analyze non-corporate email usage within repositories associated with a given domain and company name. It aims to identify personal emails used in commits, which can indicate potential exposure of sensitive information or unauthorized data access.

What It Detects:

  1. Non-corporate email usage in GitHub repository commits.
  2. Personal emails found in HackerOne disclosure sources.
  3. Emails discovered during conference discussions related to the company’s name.
  4. Emails sourced from mailing lists where the domain is mentioned.
  5. Emails found on paste sites, potentially indicating involvement in development projects outside of official channels.
  6. Repeated usage of personal emails across multiple platforms and sources.
  7. Dominance of Gmail as a personal email service used within the organization’s repositories.

Inputs Required:

  1. Domain: The target domain to analyze for non-corporate email usage.
  2. Company Name: The name of the company whose repositories are being analyzed.

Business Impact: This analysis is crucial as it helps in identifying potential security risks associated with unauthorized data access and exposure, which can lead to severe consequences such as data breaches or intellectual property theft. It also aids in compliance efforts by highlighting personal information usage policies.

Risk Levels:

  • Critical: Identifies critical vulnerabilities where sensitive information is exposed publicly through non-corporate emails.
  • High: Indicates high risks of unauthorized access and exposure, particularly if the leaked data includes proprietary company information or personally identifiable information (PII).
  • Medium: Signals medium risk where personal email usage might suggest a lack of adherence to corporate security policies but does not pose immediate critical threats.
  • Low: Informs about minimal non-corporate email usage and indicates that the organization’s data is well protected against unauthorized access through such means.
  • Info: Provides informational findings on minor instances of personal email use, which generally do not affect the security posture significantly unless they are part of a larger pattern or involve critical information.

Example Findings:

  1. A GitHub commit contains an email address from a non-corporate domain, suggesting potential exposure of internal company data.
  2. An employee’s personal Gmail account is used in multiple repositories for sensitive discussions, increasing the risk of unauthorized access to proprietary information.
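
An audit of commit author addresses in an organization's own repositories, covering the commit, repeated-usage and provider-dominance checks listed above; this is an added example, not the scanner's code. The repository names, commit hashes and addresses are constructed, and the "more than half" rule for a dominant provider is an assumption of this example.

```python
from collections import Counter, defaultdict

# Constructed output of: git log --format='%h|%ae' run in each repository.
SAMPLE_LOGS = {
    "acme/api": "a1b2c3d|jsmith@acme.com\n9f8e7d6|j.smith.dev@gmail.com\n",
    "acme/infra": "0c1d2e3|j.smith.dev@gmail.com\n4b5a697|ops@eu.acme.com\n"
                  "77aa88b|12345+bob@users.noreply.github.com\n",
    "acme/docs": "5d6e7f8|Carol@Outlook.com\n3c4d5e6|not-an-email\n",
}
NOREPLY = ("users.noreply.github.com",)  # GitHub privacy addresses


def classify(email, corp_domain):
    """Return 'corporate', 'noreply', 'personal' or 'invalid' for one address."""
    local, sep, domain = email.strip().lower().rpartition("@")
    if not sep or not local or "." not in domain:
        return "invalid"
    # Match the domain or a true subdomain, so notacme.com is not corporate.
    if domain == corp_domain or domain.endswith("." + corp_domain):
        return "corporate"
    if domain in NOREPLY:
        return "noreply"
    return "personal"


def audit(logs, corp_domain):
    """Summarise personal-address commits across repositories."""
    domains, repos_by_email = Counter(), defaultdict(set)
    for repo, log in logs.items():
        for line in log.splitlines():
            _commit, _, email = line.partition("|")
            email = email.strip().lower()
            if classify(email, corp_domain) == "personal":
                domains[email.rpartition("@")[2]] += 1
                repos_by_email[email].add(repo)
    total = sum(domains.values())
    top = domains.most_common(1)
    return {
        "personal_commits": total,
        "by_domain": dict(domains),
        # Same personal address seen in more than one repository.
        "repeated": sorted(e for e, r in repos_by_email.items() if len(r) > 1),
        # Provider behind more than half of personal commits (assumed rule).
        "dominant": top[0][0] if top and top[0][1] * 2 > total else None,
    }
```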

Purpose: The Digital Identity Linkage Scanner is designed to analyze and detect digital identity linkage across various platforms such as GitHub, Twitter, and Stack Overflow for a given domain and company name. It aims to identify if there are any public records that reveal the presence of corporate emails and social media handles associated with the organization.

What It Detects:

  • Corporate Emails Found: The scanner searches for publicly available email addresses that match the domain of the specified company, indicating potential employees or contacts affiliated with the organization.
  • Employee Patterns: It identifies patterns in public profiles (e.g., GitHub usernames) that suggest connections to the company, such as using similar naming conventions or being listed as contributors on corporate repositories.
  • GitHub Identities: The scanner scans GitHub for accounts linked to the specified domain, potentially revealing internal contacts or project contributions.
  • Twitter Identities: It searches Twitter for handles that mention or are associated with the company name, which could be indicators of employee use of personal social media accounts in a professional capacity.
  • Stack Overflow Identities: By analyzing profiles on Stack Overflow, the scanner can uncover user information and connections that might suggest involvement in technical discussions related to the company’s projects or interests.
  • Username Correlations: It identifies correlations between GitHub and Twitter usernames, suggesting potential links between personal and professional digital identities.
  • Linked Identities: The scanner aggregates data from different platforms to provide a comprehensive view of how an organization’s name is represented across various social media and developer platforms.
  • Email Patterns: It categorizes the types of email addresses found in public records, helping to understand the typical naming conventions used by employees or contacts within the company.

Inputs Required:

  • Domain: The organization’s registered domain (e.g., “acme.com”) for which the analysis is being conducted.
  • Company Name: The legal name of the organization whose digital identity linkage is to be analyzed.

Business Impact: Identifying and analyzing corporate email addresses, social media handles, and developer profiles is crucial as it helps in understanding the digital footprint of an organization. This information can be leveraged for various purposes such as reputation management, compliance monitoring, risk assessment, and more. It also aids in preventing potential data breaches or misuse of confidential information by ensuring that sensitive personal data is not publicly disclosed.

Risk Levels:

  • Critical: The scanner identifies a high number of direct corporate email exposures (e.g., over 50% of the identified emails are from the company domain) and significant public presence on multiple platforms, indicating potential unauthorized disclosure of sensitive information.
  • High: There is evidence of at least one critical finding or a substantial amount of data publicly available that could be used to infer internal contacts or project details related to the company.
  • Medium: The scanner detects several indicators of corporate involvement but does not reach the severity level of high, indicating potential risks requiring attention and further investigation.
  • Low: Minimal public presence is detected, suggesting a lower risk profile for unauthorized disclosure of information.
  • Info: Limited or no significant public records are found, which may indicate minimal exposure but also suggests the need for proactive management of digital identity visibility.

Example Findings:

  • Finding 1: The domain “examplecorp.com” reveals multiple public GitHub repositories linked to “Example Corp”, indicating potential internal use of personal accounts for corporate projects.
  • Finding 2: A Twitter handle “@example_co” is found mentioning the company name, which suggests that an employee might be using a professional social media account for work-related activities.