A security research project to gain insights into common security flaws.

CyberResilience is a security research project led by UpGuard Inc that conducts internet-wide scanning to gain insights into common security flaws.

Using the data we collect via CyberResilience, we enable security research, educate the community on cybersecurity and improve awareness on how to protect against cyber attacks and threat actors. 

Through this research project, we aim to protect the world's data. We believe that research is best done in collaboration – we encourage partnerships and collaboration from the industry and academia in order to protect the world’s data.

Scanning and collection

CyberResilience scans all public IPv4 addresses to determine open ports and misconfigured services. Collection activities take place which involve connecting to a publically open port and performing standard protocol handshakes to attempt to identify the running service.

We will never attempt to change device configurations, access private networks, or maliciously trigger a known exploit as part of the scanning and collection process.

We will attempt to only collect security data that should be visible to any entity that attempts to connect to a particular address and port from the public internet.

CyberResilience scans a growing number of TCP and UDP services. TCP studies include HTTP(S), SMTP, SSH, FTP, IMAP, POP3, MySQL, PostgreSQL, RDP, and many more. UDP studies include NetBIOS, DNS, NTP, IKE, Kerberos, SIP, SNMP, MDNS, and quite a few others.

What Data Do We Collect?

The purpose of our project is to evaluate the security posture of internet connected systems. Therefore, the data we collect is limited to:

  • TCP responses to our scanning requests including HTTP headers and the content.
  • Installed versions of network exposed services, applications (e.g. Wordpress, Apache, PHP, etc.)
  • Metadata about exposed services and applications: Which ports are open, what services and applications are running, identification banners, TLS certificates, publicly enabled features, etc.
  • Vulnerability information for systems and services that exhibit vulnerable behavior, such as a network service behaving in a way that strongly correlates to the presence of a specific vulnerability (e.g. a Microsoft Exchange Server vulnerable to CVE-2021-26855 will return a specific header in a HTTP request which signals that the vulnerability exists).

Opt Out

Security and privacy is paramount in what we do, and we understand that is extremely important for our industry. 

If you’d like to be excluded from our scanning please let us know by email at webmaster@cyberresilience.io. Please provide us with the IP addresses or ranges and proof of ownership or control of said IPs. Proof can include WHOIS records or PTR records. Your request will be manually reviewed and we will let you know the outcome of your request. Please note that we regularly review the opt out list and remove entries where the WHOIS or PTR records have changed