• John Lundgren

Welcome to the BreachBoard!

Updated: May 11

A new user's guide to your portal into BreachBits' Continuous Intelligent Red Team Service.

What is the BreachBoard?

The BreachBoard provides a central dashboard and control panel for BreachBits Continuous Intelligent Red Team (CIRT) Customers, where they can get a real-time ‘hacker’s-view’ of their IT infrastructure, as well as control and monitor the CIRT attack attempts against their defenses. As CIRT discovers new assets, open ports, vulnerabilities or humans that comprise your overall ‘attack surface’, you can find the details of them immediately – before attackers do.

Getting Started

To begin, new users will receive an email with a BreachBoard registration link, that will allow you to securely create your new BreachBoard user account.

BreachBoard Registration Page

Customer Dashboard

After logging in, you will be brought to your organization's dashboard, where key metrics and insights of your CIRT subscription can be found.

Customer Dashboard

BreachBoard Navigation Panel

Navigation Panel

On the left side of the BreachBoard, you will find the navigation panel, where you can drill into individual aspects of your CIRT Service.

In External Threats, you can see the results of CIRT's efforts to discover, monitor, attack and potentially breach your public-facing attack surface.

In Internal Threats, you can see the results of CIRT's internal cybersecurity assessments of your environment, as well as request new assessments.

In Event History, you can see a detailed time-ordered list of the results of your CIRT Service, including new target and service discoveries, etc.

External Threats

External Threats gives you a 'hackers's view' of your organization from the public Internet, and has four views - Overview, Attack Surface, Vectors and Controls. In the Overview, you get a high-level view of your organization's cyber Key Risk Indicators (KRIs), which weigh heavily when CIRT calculates your overall cyber risk.

External Threats Overview

At the top of the Overview View, you also have the ability to start or stop CIRT's attacks & scans of your attack surface.

Continuous Attacks Disabled

If the Continuous Attacks status is Disabled, then CIRT is conducting passive reconnaissance on your attack surface, but no scans or attack attempts will be conducted.

Continuous Attacks Enabled

When you are ready to start or resume CIRT scans and attacks, simply press the play button.

Next is the Attack Surface View, which provides the most up-to-date snapshot of your organization's public-facing attack surface. Below the summary tiles at the top, you will find any targets that CIRT has discovered to have publicly-known vulnerabilities. Click on any of these vulnerabilities to learn more about them from the National Vulnerability Database.

External Attack Surface View

Below the vulnerable targets you will find all system and human attack surface targets that CIRT has discovered to-date. System targets are public-facing computers, servers or cloud resources, while human targets are email address or social media accounts that can be used to target a human in your organization with social engineering attacks.

The third view in External Threats are your attack vectors that CIRT has identified and queued for testing. An attack vector is a specific ’aimpoint’ in one of your attack surface targets that an attacker could pair with an existing (i.e. non-theoretical) tactic or method to gain access to your internal attack surface and/or violate the confidentiality, integrity or availability of your data.

Vectors View

As CIRT proceeds through the attack vectors in your attack surface to test them for viability and attack them, a record of each individual attack can be found nested under each attack vector.

Internal Threats View

Upcoming BreachBoard releases will also provide an Internal Threats View, where results of internal assessments and requested internal attacks can be found, as well as functionality to request and schedule internal assessments, to test each layer of your defenses. Stay tuned for updates!

Event History

Customers can now see the results of CIRT's discovery, reconnaissance and attack actions as they happen with the Event History view. As new services, vulnerabilities or attack vectors are found in (or disappear from) your attack surface, you will see the details of the CIRT updates here.

Event History View

Have questions, ideas or comments about the BreachBoard, or what else you would like to see? Email support@breachbits.com and share them with us!

19 views0 comments

Recent Posts

See All

Attack on Demand: Darkside Group Ransomware Emulation

This guide provides a demonstration and details of the Darkside Group Ransomware Emulation that is a part of the Continuous Intelligent Red Team (CIRT) Insider Threat module. Background In May 2021, a

Attack on Demand: BreachBits Ransomware Emulation

This guide provides a demonstration and details of the BreachBits Ransomware Emulation that is a part of the Continuous Intelligent Red Team (CIRT) Insider Threat module. Background Ransomware attacks

Attack on Demand: Credential Access using LSASS

This article provides a demonstration and context for the Credential Access using LSASS Attack on Demand packages that are a part of the Continuous Intelligent Red Team (CIRT) Insider Threat module. B