Summary

  • In this second part of the series, the authors continue to discuss the role of stealer logs in security testing with a focus on asset discovery, particularly when the target organization uses multiple domains rather than subdomains.
  • They present a case study on gaining access to assets of a target company through stealer logs, which led to the discovery of other related companies hosted on different domains.
  • By analyzing URLs linked to the target, the authors broaden the scope of testing beyond standard subdomain enumeration tools.
  • They explain the process, which involved searching for specific terms in stealer logs, identifying logos and company names, and then searching for those entities through Google to gather basic information.
  • Upon confirming the relationship between the two companies, they searched the logs for specific terms related to the second company and reviewed the results, finding a reference to yet another related company.
  • Continuing this process, they eventually identified a unique URL for a test environment, but encountered a 403 Forbidden page.
  • Using records on archive.org, they discovered a directory listing for the environment and downloaded sensitive files, including one .dll file that was decompiled to uncover numerous credentials.
  • The authors conclude with lessons learned from the case study.

By YoKo Kho
