Initial Access Intelligence

Detection Artifacts

The VulnCheck Initial Access Intelligence product includes detection artifacts in a wide range of formats, to enable defenders to quickly detect & respond to emerging threats.

VulnCheck's Initial Access Intelligence product provides organizations with in-house developed exploit PoCs, packet captures (PCAP files), Suricata & Snort signatures to detect exploitation, YARA rules (when possible), CPE strings, version scanners, mapping to GreyNoise tags, and measuring Internet-level exposure of potentially vulnerable systems using Censys & Shodan. VulnCheck packages these detection artifacts for organizations to detect & respond.

Our detection artifacts enable organizations to respond to the latest vulnerabilities, likely to be involved in widespread attacks and data breaches, by implementing defensive measures and testing their security posture.

Detection Artifacts Included

Licensed subscribers of VulnCheck Initial Access Intelligence are able to download the following detection artifacts for covered vulnerabilities:

Detection ArtifactDescription
Exploit PoCIn-house developed Exploit PoC designed to test whether devices or applications are actually vulnerable
Version ScannerA version scanner, wired into the Exploit PoC, designed to assess whether systems are vulnerable based on a version, without sending exploit payload
Packet Capture (PCAP)A packet capture (PCAP) of the Exploit PoC exploiting a vulnerable system
Suricata RuleA Suricata or Snort rule designed to detect the exploitation of the vulnerability over the network
Snort RuleA Suricata or Snort rule designed to detect the exploitation of the vulnerability over the network
YARA RuleA YARA rule designed to detect the exploit on an endpoint
Nmap ScriptsAn Nmap script for scanning environment using the widely used Nmap network scanner
Target DockerA docker-compose or dockerfile containing the vulnerable service for testing

Metadata Available

In addition to the above detection artifacts (files), VulnCheck Initial Access includes metadata about the potential exposure of the vulnerability. Organizations on the VulnCheck platform, regardless of whether they have purchased VulnCheck Initial Access Intelligence or not, may access the following metadata from VulnCheck Initial Access Intelligence.

Included in KEVWhether the Vulnerability is currently in the CISA KEV list or not
CPECommon Platform Enumeration (CPE) strings of potentially vulnerable systems
VendorVendor associated with target of the detection artifacts
ProductsProduct(s) associated with the target of the detection artifacts
Date AddedThe date the detection artifacts were first made available
Artifact DescriptionA name or description of the detection artifact collection
Censys QueriesExample Censys queries for examining potential Internet-exposed devices & applications
Shodan QueriesExample Shodan queries for examining potential Internet-exposed devices & applications
GreyNoise QueriesExample GreyNoise queries for finding the vulnerability via honeypot data