Project Resonance – WAVE 0
What is Project Resonance?
Project Resonance is an effort to improve the security of publicly exposed assets by studying the services, applications, and technologies running on them, followed by deep analysis and data correlation.
Project Page: https://redhuntlabs.com/project-resonance
To start with, we are focusing on identifying different kinds of systems and components that are unknown to the Engineering, DevOps, and Security teams. Examples of such systems/components are unknown custom headers, data leak patterns, modern technology stacks, custom protocols, and third-party dependencies.
Project Resonance covers not just Internet-wide data collection but also the study and analysis of the massive datasets collected by our distributed collectors. Examples include patterns of data leakage on the Internet, DNS data, and the study of security on cloud infrastructures.
We plan to release one WAVE of Project Resonance at a time. In each wave, we plan to cover one specific area of the internet and analyze the current security posture of that area. Any interesting results will be shared with the community while making sure no confidential information about any organization is made accessible on the internet. After all, we are doing this to facilitate internet-wide security and research.
Why this project?
While performing internet-wide security research is definitely not a new idea, it is a resource- and time-intensive process that comes with additional challenges such as legal and infrastructure issues. Not all individuals can afford the resources, time, or simply the skills required to execute their ideas on such a massive scale in a responsible manner.
Also, making the raw data public is respectable, but due to its sheer size (usually in hundreds of GBs), it is not feasible to download such datasets without a high-end machine and decent network bandwidth. Once the data is downloaded, the major challenge is storing, processing, and querying it.
At RedHunt Labs, we have decided to bridge this gap by doing all the work and making actionable data available for public use and further analysis. The objective is not only to inspire new findings but also to aid security professionals in improving their everyday workflow.
How is it useful for the world?
The data that comes out of Project Resonance has multiple use cases for Security Researchers, DFIR teams, and Threat Intelligence teams. A few examples of how this data can be used:
- Studying the Internet’s security posture by discovering and collecting information about different kinds of technology components like custom protocols, services, data leaks, etc.
- Understanding Attack Surface: Project Resonance can define the global impact of a vulnerability/misconfiguration/data leak using the internet-wide data collection and analysis.
- Responsible Disclosures: We have in the past made many responsible disclosures when we identified a publicly exposed system that shouldn’t be exposed. This is done in a very confidential and responsible manner.
- Specific Research Topics can be picked by security practitioners by studying specific/multiple unknown headers, protocols, tech-stacks, interesting security patterns, data leak patterns, cloud storage objects, etc.
How does it work?
The following image gives a quick glimpse of the process used by Project Resonance to generate the relevant data sets.
Into the Framework
Since Project Resonance’s scope is applicable to internet-wide security research around all kinds of data, we took our time to make our framework completely modular.
Each study requires two inputs — an interaction module and a parsing template. The interaction module is the code that interacts with the targets while the parsing template contains parsing instructions for the parser. The framework works in a distributed fashion for high-end performance. It also uses a unique algorithm to make sure there is a maximum delay between consecutive requests so that no components are affected by our probes.
This is what the architecture of Project Resonance looks like from a 10,000-foot view:
Project Resonance respects the will of owners to exclude their assets from our studies and that’s why the first thing we do is to exclude the assets requested by individuals/organizations.
The rest of the assets are then processed by our distributed framework. We parse and save all the data as it is retrieved.
Once this process is done, our team carefully inspects whether there is any sensitive information that shouldn’t be publicly released and finalizes which data should be made public. A lot of thought is put into this phase to ensure that the information we are exposing to the world cannot be straight-up weaponized.
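The exclusion step and the spacing of consecutive requests described above can be sketched as follows. This is an added example, not Project Resonance's code: the function names are hypothetical, the addresses are constructed from documentation ranges, and a simple round-robin across /24 networks stands in for the framework's own (undisclosed) delay algorithm.

```python
import ipaddress
from collections import defaultdict, deque

def load_exclusions(entries):
    """Parse opt-out entries (single IPs or CIDR ranges) into networks."""
    return [ipaddress.ip_network(e.strip(), strict=False)
            for e in entries if e.strip()]

def is_excluded(addr, exclusions):
    """True if addr falls inside any excluded IP or range."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in exclusions)

def plan_probes(targets, exclusions, prefix_len=24):
    """Drop excluded targets first, then interleave the rest so that two
    consecutive requests rarely hit the same network (assumed grouping: /24)."""
    buckets = defaultdict(deque)
    for t in targets:
        if is_excluded(t, exclusions):
            continue  # opted-out assets never reach the probe queue
        net = ipaddress.ip_network(f"{t}/{prefix_len}", strict=False)
        buckets[net].append(t)
    # Largest networks first, so their hosts get spread over the most rounds.
    order = sorted(buckets,
                   key=lambda n: (-len(buckets[n]), int(n.network_address)))
    plan = []
    while order:
        for net in order:            # one host per network per round
            plan.append(buckets[net].popleft())
        order = [n for n in order if buckets[n]]
    return plan

# Constructed sample data (RFC 5737 documentation ranges).
SAMPLE_TARGETS = ["192.0.2.10", "192.0.2.11", "192.0.2.12",
                  "198.51.100.5", "198.51.100.6",
                  "203.0.113.7", "203.0.113.200"]
SAMPLE_EXCLUSIONS = load_exclusions(["203.0.113.0/25", "198.51.100.6"])

if __name__ == "__main__":
    for host in plan_probes(SAMPLE_TARGETS, SAMPLE_EXCLUSIONS):
        print(host)
```

Filtering before scheduling means an excluded range is dropped before any network interaction is planned, which matches the order the post describes.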
How to be excluded from our studies:
We take exclusions very seriously and believe that it’s an important part of the process. If you would not like to be included in any of our studies, please drop us an email at firstname.lastname@example.org.
Please make sure that you include the list of IP Addresses / IP Ranges that you would like excluded. Once we hear from you, we will simply put your IP Ranges on our exclusion list and you will never see any packet from our IPs.
Interested to know more?
Drop an email to email@example.com with your queries and we will be happy to answer.
Soon after this introductory blog post, we’ll be releasing Project Resonance’s first wave to the Internet, along with the related data sets, which can be downloaded for free from our website. We look forward to the community utilizing this data and coming up with new use cases for understanding and improving the security of the internet.