VulPen Engine is our innovative and all-in-one infrastructure vulnerability scanner and penetration testing solution. VulPen Engine is unique, because it effectively combines penetration testing and infrastructure vulnerability scanning in a fully automated process allowing it to run 24/7/365.

Through VulPen Engine, we replicate the process of a real threat actor or hacker and take the outside in approach. We do not require login details, internal agents or any other type of initial network access for our solution to work. We also aim to achieve consistency by planting reverse shell triggers and/or backdoors as part of our network enumeration.

I.It will, within minutes, automatically notify you of the most critical vulnerability found through email. This email contains CVE number, description and fix.

II.It will actively exploit the vulnerability and progress in penetrating your IT infrastructure.

Our VulPen Engine is developed to attack your IT infrastructure using the vulnerabilities it finds. It will start with the most critical vulnerabilities first. In case VulPen Engine cannot use any vulnerabilities in your IT infrastructure, it will focus its attention to your IT supply chain. For example, it will attack the infrastructure of your IT solution providers, i.e. your domain host, in order to attempt forced entry to your IT infrastructure.

Despite all the tech available within cyber security, the weakest link unfortunately remain your employees. Whether it be opening phishing emails or texts or poor password hygiene, human weakness is often used and exploited by threat actors to install malware on your IT infrastructure.

That is why we developed a solution which scans the Dark Web searching for any compromised company accounts, like email addresses and passwords of your employees. If we find any, this will be immediately reported to you for actioning and closing the vulnerability.

Our Darkweb scan also searches for any other company information on your business that could create vulnerabilities and increase the risk of a cyber attack.

Our solution pro-actively scans the Dark Web to detect the creation of malicious domains set up to create a phishing attack. We'll explain how we do this.

We have developed a solution based on the Certstream intelligence feed (https://certstream.calidog.io/). Certstream's intelligence feed essentially tells the world each time a new ssl certificate/encryption key is created.

We take this information, process it and check the domain name against predetermined rules. These rules include aspects that can signal malicious intent. Examples are: deliberately confusing names, deeply nested subdomains like: paypal.com.accountupdate.internet.security rather than paypal.com or using lookalike characters such as uppercase O instead of 0 (zero).

The solution then associates a level of 'suspiciousness' to each certificate and when it hits a predetermined number, we start our process of enriching our knowledge about this certificate. We gather information on who owns it, what legal form is behind it, what's the current physical or server architecture behind it and whether it can be traced to known threat actors or groups.