Recently there’s been a lot of interest in Attack Surface Discovery and the Intrigue Core framework. When we started working the problem in 2013, it was considered (primarily) a pentesting problem, and in the best case Attack Surface Discovery was performed 1-2x per year. The state of the art was vulnerability scanning, and for the initiated – PTES – which attempted to capture the activities, but there was no automation that attempted to solve the whole of the problem and give users a wide understanding of the surface.
Now, in 2020, we’re seeing a genuine improvement in this understanding. There are a growing number frameworks that attempt to automate the process, and with Bug Bounties becoming more and more common, there’s a genuine need to standardize some of the activities performed, make them automated, and make them EASY, so we can move on to the harder problems. Efforts like @jhaddix’s Bug Hunter Methodology, the seclists project and others are a step in the right direction.
With this in mind, we’re opening up our slack channel to more users, and hope that you’ll join us on this journey. Come join us by following this link, and when you arrive, drop a quick intro in the #general channel so we can get to know you better!