lostrabbitlabs

Full Spectrum Teaming & CyberSecurity Services

“You are only as strong as your weakest link. When you check a chain for weakness, do you only check one link?

Why limit your Vulnerability Assessments and Penetration Testing efforts to a single or even handful of systems during an engagement when you can analyze the entire domain and all of its assets.”

Lost Rabbit Labs offers the following services:
Penetration Testing & Teaming Engagements
Web Application, API, Mobile, & Hardware Testing
OSINT Investigations / Threat Intel & Hunting
Phishing/Vishing/Social Engineering Campaign
Wireless/Bluetooth/RFID Analysis
Virtual CISO (VCISO) Services & Support
WisQuas Digital Footprint Discovery
Security Consulting, Simulations, & Training

WisQuas: Domain-Wide Inventory & Assessment

What is WisQuas and what does it do?
In order to properly provide situational awareness around all digital assets belonging to a company, we have created a custom web crawler focused on detecting common security misconfigurations, the presence of suspicious or leaked data, and missing controls and protections. The WisQuas engine attempts to reveal that which may be hidden, through slight fuzzing, enumeration, and fingerprinting around your entire domain and its web services.

In addition, full ‘Digital Footprint Discovery and Inventory’ across a given domain is performed for completeness. Our WisQuas Engine has proved to be extremely beneficial for performing Penetration Testing, OSINT research, and supporting the VCISO (Virtual CISO) role by providing situational awareness around all managed domains within an organization.

Contact us today for a demonstration of WisQuas, or try it out yourself for free.

PENETRATION TESTING & OSINT SERVICES


8-HOUR ENGAGEMENT - PENETRATION TEST/OSINT - $2,500
External/Internal Networks, Web Application, Mobile, IoT, Hardware, Physical

The purpose of this condensed test is to provide an affordable and ‘quick but thorough’ assessment around your entire domain, a network segment, a particular website or application, or a provided data point. It helps identify your organization’s baseline security posture and prioritize which weaknesses need to be addressed immediately.



40-HOUR ENGAGEMENT - PENETRATION TEST/OSINT - $10,000
External/Internal Networks, Web Application, Mobile, IoT, Hardware, Physical

Having more time to test and explore allows for deeper inspection of digital assets and services. This discounted effort includes a more thorough examination of your domain, applications and other digital assets in your organization.



VCISO (ON-DEMAND) & WISQUAS ENTERPRISE

1-MONTH ENGAGEMENT - VCISO SUPPORT & WISQUAS ENTERPRISE - $2,500
Digital Asset Monitoring & Alerting, Threat Landscape Awareness, VCISO Support

Lost Rabbit Labs will provide direction and guidance with creating and maintaining standards, procedures, and processes, along with supporting documentation for your company’s cybersecurity and defensive posture. We will also perform ongoing Threat Intelligence and Digital Asset Awareness of public-facing hosts using our WisQuas Engine and provide a monthly report on observed and potential future threats.




WISQUAS INFOSEC PRO - $49/mo.

1-MONTH WISQUAS INFOSEC ACCESS
Digital Footprint Discovery & Asset Analysis Crawler

For serious Bug Bounty Hunting, Web Service Anomaly Detection, and Digital Asset Exploration across the public WisQuas database. Also includes the ability to run your own custom crawls (20 domains), unlimited results per query, and access to the WisQuas reporting module.


UNLIMITED RESULTS PER QUERY :: LIMITED CRAWLING (20 domains) ::  CRAWL DATA IS PUBLIC AND SHARED WITH ALL USERS



WISQUAS RESEARCHER - $99/mo.

1-MONTH WISQUAS RESEARCHER ACCESS
Digital Footprint Discovery & Asset Analysis Crawler

For Penetration Testers, Bug Bounty Hunters, Researchers, and the Passionately Curious. Your crawls will be privately tagged and not appear in the public WisQuas database. Increased crawling credits (50 domains) and access to the reporting module for a unique view of your domain.


EXTENDED CRAWLING (50 domains)  :: CRAWL DATA CAN BE TAGGED PRIVATE AND OPTIONALLY SHARED PUBLICLY



WISQUAS BUSINESS - $999/mo.

1-MONTH WISQUAS BUSINESS ACCESS
Digital Footprint Discovery & Asset Analysis Crawler

For use by businesses and corporations. Your crawls will be privately tagged and not appear in the public WisQuas database. Unlimited crawling credits and access to the reporting module for a unique view of your domain.


UP TO 10 USER ACCOUNTS  ::  UNLIMITED CRAWLING  ::  CRAWL DATA CAN BE TAGGED PRIVATE AND OPTIONALLY SHARED PUBLICLY


WISQUAS ENTERPRISE - CONTACT US

12-MONTHS WISQUAS ENTERPRISE ACCESS
Digital Footprint Discovery & Asset Analysis Crawler

For use by large businesses and corporations. Your crawls will be privately maintained along with the WisQuas database, and dedicated workers, on your infrastructure. Unlimited crawling credits and access to the reporting and monitoring modules for use across all your domains.


UNLIMITED USERS ::  UNLIMITED CRAWLING  ::  CRAWL DATA IS HOSTED ON PRIVATE INFRASTRUCTURE & INCLUDES SUPPORT



CURRENT NEWS, INFO, & UPDATES

BETA LAUNCH! WisQuas is Now Online (FREE)
“You are only as strong as your weakest link. When you check a chain for weakness, do you only check one link?

Why limit your Vulnerability Assessments and Penetration Testing efforts to a single or even handful of systems during an engagement when you can analyze the entire domain!” –9.2.2020

This tool will crawl, analyze and enumerate a URL and all third-party links and dependent requests on the page (using different User-Agent strings). Results show the unique/anomalous responses received, useful for finding suspicious URLs and tracking down malicious payloads. UAAD uses Chrome Headless + Puppeteer to emulate a real browser with JavaScript support, in order to inspect actual rendered payloads. Results can also be exported as JSON output. –8.19.2020

“In this write-up, we will provide an introduction to our WisQuas, share some of LRL’s recent discoveries, and take a quick look at causing an internal Information Disclosure (through overflowing the Apache web service), and using this disclosure to access an unprovisioned Shadow VHost (Virtual Host).” — 8.1.2020