Identify your exposed vulnerabilities and compromised access points before an attacker can exploit them.
SEE BEFORE YOU ARE SEEN
Most cybersecurity solutions — SOC, SIEM, EDR — detect attacks as they occur.
CYBERESIST® and CYBERCREDS® identify security blind spots proactively by detecting vulnerabilities and compromised access.
You can patch vulnerabilities and revoke compromised access before an attacker exploits them, complementing your existing tools.
IN A NUTSHELL
CYBERESIST
CYBERCREDS
MSP & MSSP
- Our SaaS platforms automate and speed up cybersecurity audits:
- With CYBERESIST, choose sovereign solutions.
- By taking out one of our subscriptions, you ensure regular monitoring with alert management.
- Comprehensive automated audits:
- External attack surface (web) – including data breaches.
- Internal Audit - Active Directory & PKI Infrastructure
- Cloud audit - Azure & Microsoft 365
- Checking for compromised access:
- Public and semi-public sources.
- No interaction with the target systems, the attackers or the compromised data.
- Platforms designed for MSPs and MSSPs:
- You manage your clients directly via dedicated accounts.
- You carry out regular monitoring for your clients.
CYBERESIST: AUTOMATED AUDITS
EXTERNAL ATTACK SURFACE
A comprehensive scan of the exposed web surface.
Tests that do not require the installation of an agent or a sensor, or the collection of event logs.
Pre-scan: Identifying subdomains
Inventory of the attack surface (Shadow IT):
- Confirmation of the scope of the audit
Data breach investigation:
- Confidential documents (search engines),
- emails,
- Cloud resources,
- Source code,
- Compromised usernames and passwords.
OSINT (open-source intelligence):
- Email setup,
- Abusive domain name registrations,
- Risks of DNS takeover,
- Website counterfeits.
Software mapping: vulnerability testing, configuration errors.
In-depth analysis of the domain and subdomains: data relating to the company and its employees
OWASP Top 10: The 10 most significant security risks associated with web applications
- Faulty access controls,
- Vulnerable and obsolete components,
- Insecure design,
- Lack of data and software integrity,
- Poor-quality identification and authentication,
- Data injection tests,
Analysis and classification of vulnerabilities by severity and type.
Recommended solution for each vulnerability
Reports in French or English, including the mapping, the detailed report and the action plan in PDF, Word and Excel formats.
ACTIVE DIRECTORY & PKI INFRASTRUCTURE
Detection of exploitable technical vulnerabilities and poor administrative practices, providing a clear view of the level of risk.
Execution of a tool on a machine connected to the internal network (standard account).
Identification of poorly protected privileged accounts: Kerberoasting, risky delegations, admin accounts outside Protected Users. Search for vulnerabilities and misconfiguration. Automated detection of potential attack paths.
Verification of critical configuration settings: NTLMv1, anonymous LDAP, SMBv1, Spooler/PetitPotam.
Password management audit: Rotation, RC4, passwords exposed in SYSVOL and network shares.
Mapping attack paths: via ACLs, trusts, and vulnerable PKI templates (ESC1–ESC11).
Assessment of operational resilience: Backups, recycle bin, monitoring, obsolete machines.
Windows workstation audit: password storage in the browser, presence of a password manager, etc.
AZURE ENTRA-ID & MICROSOFT 365
Our module offers a turnkey audit of the cloud environment.
Execution of a tool on a machine with an administrator account of the Azure tenant.
Identification of poorly protected privileged accounts: Kerberoasting, risky delegations, admin accounts outside of Protected Users.
Access security: MFA, privileged accounts, legacy authentication, break-glass.
Privileges & identities: Admin roles, PIM, apps without owners, service principals at risk.
Security posture: Secure Score, EDR/AV, Intune, logs & retention.
Analytics & detection: Risky sign-ins, suspicious activity, unusual connections.
Compliance & resilience: GDPR, retention policies, backup & incident response.
CYBERCREDS: DETECTION OF COMPROMISED ACCESS
DOMAIN INTELLIGENCE
- All compromised services (SSO, SAP, Extranet, VPN, etc.) with their criticality level (CRITICAL, HIGH, INFO)
- The associated credentials and the relevant identities.
- Subdomains and internal services identified from the logs (authentication portals, WSSO, HR, etc.).
- A view of your actual attack surface.
Exposure detection:
Continuous monitoring of infostealer logs on Telegram, private markets and underground forums.
- Real-time matching against your domains, email addresses and IP addresses.
- Identification of potentially valid session cookies.
- Assessment of the risk of session hijacking on critical accounts: SSO, VPN, cloud, Slack, GitHub.
- Compromised users graph
- List of compromised identities
- List of privileged accesses
- Reuse of passwords
- Password strength analysis
- Exposed services
- Infrastructure discovery
- SaaS stack (Shadow IT)
- Top targeted URLs
Active monitoring keeps a constant watch over your domain.
As soon as a matching log is detected, you are alerted.
Maximum time limit: 72 hours.
Critical alerts are notified within the first hour.
INVESTIGATION
Search the database in real time for a domain or an email address.
CYBERCREDS shows you whether an account has been compromised and how.
Immediate response, SOC alert classification, direct access to the machine profile.
Each row is clickable to view the full machine profile: date of compromise, country, CRITICAL/HIGH risk analysis, and reuse clusters.
Search by domain:
- Check your overall exposure
- Identify compromised accounts
- Draw up a remediation plan
Search by email:
- Verify a high-risk account (CISO, admin, C-level)
- Classify an existing SOC alert
- Post-incident review
- Onboarding a sensitive employee
- Structured report: accounts to be reset, machines to be investigated, documented risk, immediate recommendations.
- Presented at a feedback session.
Your teams retain the final say on remedial actions.
LEGAL CONTEXT
CYBERCREDS uses only public and semi-public sources.
CYBERCREDS never interacts with target systems, attackers or compromised data.
- We never test the detected access points.
- We process data in accordance with the GDPR / DPA
THE ADVANTAGES OF CYBERESIST
Automated audits tailored to the scope and size of the business, using platforms that are very easy to use.
Integrated AI services for personalised, dynamic and scalable audits.
Detailed AUDIT report with a clear management summary to prioritise the ACTION PLAN.
Measurement of discrepancies between AUDITS and ALERT MANAGEMENT FOR NEW VULNERABILITIES for continuous monitoring.
State-of-the-art technology combined with an orchestrator that integrates a wide range of services.
How Cybercreds is used
The latest cybersecurity projects
External SOC at an MSSP
A client employee infected with an infostealer.
An employee’s log was circulating on Telegram.
The user’s credentials granted access to the client’s VPN.
The SOC couldn’t see it because it was outside the managed scope.
What the MSSP has gained from CYBERCREDS:
- External visibility that the EDR did not have.
- A proactive alert that justified the annual client contract.
- Invoice issued in response to an incident.
In-house SOC at a client's premises
Receipt of an alert
An analyst detects a VPN connection from an unusual country. He opens a ticket and checks his SIEM — nothing out of the ordinary on the network side, so he closes the alert: “Unusual behaviour, to be monitored”.
What he didn’t know was that, three weeks earlier, this employee’s personal computer had been infected by a keylogger. His VPN credentials were in a Telegram log.
CYBERCREDS would have sent a webhook to his SIEM containing the full context three weeks before the alert:
- The analyst would have had: machine, date, infostealer family, exposed credentials.
- A quick assessment in five minutes rather than a detailed investigation without context.
