Full Spectrum Teaming & CyberSecurity Services
 |  |  |  |  |  |
“You are only as strong as your weakest link. When you check a chain for weakness, do you only check one link?
Why limit your Vulnerability Assessments and Penetration Testing efforts to a single or even handful of systems during an engagement when you can analyze the entire domain and all of its assets.”
Lost Rabbit Labs offers the following services:
Penetration Testing & Teaming Engagements
Web Application, API, Mobile, & Hardware Testing
OSINT Investigations / Threat Intel & Hunting
Phishing/Vishing/Social Engineering Campaign
Wireless/Bluetooth/RFID Analysis
Virtual CISO (VCISO) Services & Support
WisQuas Digital Footprint Discovery
Security Consulting, Simulations, & Training
WisQuas: Domain-Wide Inventory & Assessment
What is WisQuas and what does it do?
In order to properly provide situational awareness around all digital assets belonging to a company, we have created a custom web crawler focused on detecting common security misconfigurations, the presence of suspicious or leaked data, and missing controls and protections. The WisQuas engine attempts to reveal that which may be hidden, through slight fuzzing, enumeration, and fingerprinting around your entire domain and its web services.
In addition, full ‘Digital Footprint Discovery and Inventory’ across a given domain is performed for completeness. Our WisQuas Engine has proved to be extremely beneficial for performing Penetration Testing, OSINT research, and supporting the VCISO (Virtual CISO) role by providing situational awareness around all managed domains within an organization.
Contact us today for a demonstration of WisQuas or CLICK HERE to try it out yourself for free.
PENETRATION TESTING & OSINT SERVICES
 | 8-HOUR ENGAGEMENT - PENETRATION TEST/OSINT - $2,500 External/Internal Networks, Web Application, Mobile, IoT, Hardware, Physical The purpose of this condensed test is to provide an affordable and ‘quick but thorough’ assessment around your entire domain, a network segment, a particular website or application, or a provided data point. Helps identify your organizations’ baseline security posturing and prioritize which weaknesses need to be addressed immediately. CLICK HERE for additional information or CONTACT US. |  CLICK ABOVE TO DOWNLOAD 8-HOUR SAMPLE REPORT |
 | 40-HOUR ENGAGEMENT - PENETRATION TEST/OSINT - $10,000 External/Internal Networks, Web Application, Mobile, IoT, Hardware, Physical Having more time to test and explore allows for deeper inspection of digital assets and services. This discounted effort includes a more thorough examination of your domain, applications and other digital assets in your organization. CLICK HERE for additional information or CONTACT US. |  CLICK ABOVE TO DOWNLOAD 40-HOUR SAMPLE REPORT |
VCISO (ON-DEMAND) & WISQUAS ENTERPRISE
1-MONTH ENGAGEMENT - VCISO SUPPORT & WISQUAS ENTERPRISE - $2,500
Digital Asset Monitoring & Alerting, Threat Landscape Awareness, VCISO Support
Lost Rabbit Labs will provide direction and guidance with creating and maintaining standards, procedures, and processes, along with supporting documentation for your company’s Cybersecurity and defensive posturing. We will also perform on-going Threat Intelligence and Digital Asset Awareness of public facing hosts using our WisQuas Engine and provide a monthly report on observed and potential future threats.
CLICK HERE for additional information or CONTACT US.
WISQUAS INFOSEC PRO - $20/mo.
1-MONTH WISQUAS INFOSEC ACCESS
Digital Footprint Discovery & Asset Analysis Crawler
For serious Bug Bounty Hunting, Web Service Anomaly Detection, and Digital Asset Exploration across the public WisQuas database. Also, includes the ability to run your own custom crawls (20 domains) . Unlimited results per query along with access to the WisQuas reporting module.
UNLIMITED RESULTS PER QUERY :: LIMITED CRAWLING (20 domains) :: CRAWL DATA IS PUBLIC AND SHARED WITH ALL USERS
WISQUAS RESEARCHER - $99/mo.
1-MONTH WISQUAS RESEARCHER ACCESS
Digital Footprint Discovery & Asset Analysis Crawler
For Penetration Testers, Bug Bounty Hunters, Researchers, and the Passionately Curious. Your crawls will be privately tagged and not appear in the public WisQuas database. Increased crawling credits (50 domains) and access to the reporting module for unique view of your domain.
EXTENDED CRAWLING (50 domains) :: CRAWL DATA CAN BE TAGGED PRIVATE AND OPTIONALLY SHARED PUBLICLY
WISQUAS BUSINESS - $999/mo.
1-MONTH WISQUAS BUSINESS ACCESS
Digital Footprint Discovery & Asset Analysis Crawler
For use by businesses and corporations. Your crawls will be privately tagged and not appear in the public WisQuas database. Unlimited crawling credits and access to the reporting module for unique view of your domain.
UP TO 10 USER ACCOUNTS :: UNLIMITED CRAWLING :: CRAWL DATA CAN BE TAGGED PRIVATE AND OPTIONALLY SHARED PUBLICLY
WISQUAS ENTERPRISE - CONTACT US
12-MONTHS WISQUAS ENTERPRISE ACCESS
Digital Footprint Discovery & Asset Analysis Crawler
For use by large businesses and corporations. Your crawls will be privately maintained along with the WisQuas database, and dedicated workers, on your infrastructure. Unlimited crawling credits and access to the reporting and monitoring modules for use across all your domains.
UNLIMITED USERS :: UNLIMITED CRAWLING :: CRAWL DATA IS HOSTED ON PRIVATE INFRASTRUCTURE & INCLUDES SUPPORT
CONTACT US FOR MORE INFORMATION
CURRENT NEWS, INFO, & UPDATES
| | BETA LAUNCH! WisQuas is Now Online (FREE)
“You are only as strong as your weakest link. When you check a chain for weakness, do you only check one link? Why limit your Vulnerability Assessments and Penetration Testing efforts to a single or even handful of systems during an engagement when you can analyze the entire domain!” –9.2.2020 | |
| | This tool will crawl, analyze and enumerate a URL and all 3rd party links and dependent requests on the page (using different User-Agent strings). Results show the unique/anomalous responses received, useful for finding suspicious URLs and tracking down malicious payloads. UAAD uses Chrome Headless + Puppeteer to emulate a real browser with java-script support, in order to inspect actual rendered payloads. Results can also be exported as JSON output. –8.19.2020 | |
| | “In this write-up, we will provide an introduction to our WisQuas, share some of LRL‘s recent discoveries, and take a quick look at causing an internal Information Disclosure (through overflowing the Apache web service), and using this disclosure to access an unprovisioned Shadow VHost (Virtual Host).” — 8.1.2020 |
