CyberResilience is a security research project led by UpGuard Inc that conducts internet-wide scanning to gain insights into common security flaws.
Using the data we collect via CyberResilience, we enable security research, educate the community on cybersecurity and improve awareness of how to protect against cyber attacks and threat actors.
Through this research project, we aim to protect the world's data. We believe that research is best done in collaboration, and we encourage partnerships with industry and academia toward that goal.
Scanning and collection
CyberResilience scans all public IPv4 addresses to determine open ports and misconfigured services. Collection involves connecting to a publicly open port and performing standard protocol handshakes to attempt to identify the running service.
We will never attempt to change device configurations, access private networks, or maliciously trigger a known exploit as part of the scanning and collection process.
We will attempt to collect only security data that should be visible to any entity that connects to a particular address and port from the public internet.
CyberResilience scans a growing number of TCP and UDP services. TCP studies include HTTP(S), SMTP, SSH, FTP, IMAP, POP3, MySQL, PostgreSQL, RDP, and many more. UDP studies include NetBIOS, DNS, NTP, IKE, Kerberos, SIP, SNMP, MDNS, and quite a few others.
What Data Do We Collect?
The purpose of our project is to evaluate the security posture of internet-connected systems. Therefore, the data we collect is limited to:
- TCP responses to our scanning requests, including HTTP headers and content.
- Installed versions of network-exposed services and applications (e.g. WordPress, Apache, PHP).
- Metadata about exposed services and applications: which ports are open, what services and applications are running, identification banners, TLS certificates, publicly enabled features, etc.
- Vulnerability information for systems and services that exhibit vulnerable behavior, such as a network service behaving in a way that strongly correlates with the presence of a specific vulnerability (e.g. a Microsoft Exchange Server vulnerable to CVE-2021-26855 will return a specific header in response to an HTTP request, which signals that the vulnerability exists).