
Internet-wide surveys to study and understand the security state of the Internet, and to facilitate research into the components and topics that emerge from those surveys.

About Project Resonance

Project Resonance is an effort to 'give back to the community' and improve the security of publicly exposed data and information, followed by deep analysis and data correlation.

We focus specifically on identifying the kinds of systems and components that are unknown to security teams, such as unknown custom headers, data leak patterns, modern technology stacks, custom protocols, and third-party dependencies.

Waves are sent out to billions of assets collected by our cluster of bots across the internet, and useful insights are extracted and shared with the community to serve a larger purpose of making the Internet a more secure place.

All the non-confidential data that comes out of Project Resonance is free to download for researchers and security practitioners. Feel free to use this data for further educational and research purposes.
DataSets

Recent Project Resonance Waves

Wave 2 - Coming Soon

Wave 1 - Internet-Wide Analysis of Subdomain Takeover

This blog post covers our recent study of misconfigured CNAME records that can cause subdomain takeovers on a massive scale, ~220 million subdomains across the internet.

Wave 0 - Project Resonance Introduction

Project Resonance is an effort to improve the security of the publicly exposed assets through the study of the services, applications, and technologies running on these assets followed by deep analysis and data correlation.

How does it work?

01

Internet-Wide Data Collection/Monitoring

We first collect different kinds of public data from various parts of the internet using our distributed collectors.

02

Data Normalization

Based on the collected data, we extract meaningful information by passing it to our massive processing engines.

03

Shipped to Central DB

Normalized data is picked up from the distributed collectors and shipped to our central database. No critical or sensitive data is stored.

04

Data Analysis

Data is filtered, segregated and analyzed for multiple research and studies. Unknown technologies, headers, etc. are extracted.

05

Results Released

Based on the data analysis, results and outcomes are released through blogs and datasets, and are also passed to our product NVADR.

Giving it back to the community.

The data that comes out of Project Resonance has multiple use cases for security researchers, DFIR teams, and threat intelligence teams. A few examples of how this data can be used:

  • Studying the Internet’s security posture by discovering and collecting information about different kinds of technology components such as custom protocols, services, and data leaks.
  • Understanding Attack Surface: Project Resonance can define the global impact of a vulnerability / misconfiguration / data leak using the internet-wide data collection and analysis.
  • Responsible Disclosures: We have made many responsible disclosures in the past when we identified publicly exposed systems that shouldn’t be exposed. This is done in a very confidential and responsible manner.
  • Specific Research Topics can be picked by security practitioners by studying specific / multiple unknown headers, protocols, tech-stacks, interesting security patterns, data leak patterns, cloud storage objects, etc. 

Legal Considerations

We respect legal boundaries and privacy concerns, therefore we do responsible research and adhere to the following procedure:
  • Non-Intrusive: All our research and studies are non-intrusive in nature. 
  • Responsible data release: We do not release all of our datasets publicly. We pay very close attention to making sure that no sensitive data is stored or released as part of our datasets. We only release data that helps facilitate security research without creating attack exposure for anyone in the world.
  • Low Rate: We run all our studies at a very low rate so that no one is adversely affected by our research.
  • Exclusion Lists: If you would prefer not to be part of our research, we respect that preference. We maintain an exclusion list, which we take very seriously. If you don’t want to be included in our studies, drop us an email at exclusion@project-resonance.com.
  • Responsible Disclosure: Many times, we find components, pieces of information, or assets that we think shouldn’t be publicly exposed. In such cases, we responsibly disclose this to the respective owners of the organization.

If any questions are left unanswered, have a look at our FAQ section. If you still have doubts, please get in touch by email at info@project-resonance.com.

Frequently Asked Questions.

Under no circumstances do we access any authenticated, restricted, or protected resources. Our collectors only collect data from public sources on the internet.

All our studies are non-intrusive. We take special care to make sure no systems are negatively affected by our research.

If you don’t want to be included in our studies, drop us an email at exclusion@project-resonance.com and we will exclude your assets from all our future research.

No, we don’t crawl any HTTP/HTTPS servers during any phase of our research.

We use a combination of open-source tools and our own in-house tools. We are polishing them and will release them to the open-source community soon.
