Typically, hackers search for the weakest points in an organisation’s armour, often focusing on blind spots like forgotten subdomains.
Many Apex domains can have multiple subdomains that are poorly maintained or left unnoticed, making them prime targets for cyberattacks.
“These subdomains frequently run outdated software, increasing the risk of exploitation. Attackers actively scan for such weak points, knowing they can offer an easy entry into an organisation’s network,” says Olivier Beg, Chief Hacking Officer at Hadrian.
Overlooked digital components connected to the internet with exploitable vulnerabilities create opportunities for cybercriminals and have led to an increase in security breaches worldwide.
As organisations grow their online presence, security teams find it harder to spot and prioritise risks before they are taken advantage of.
Here’s where Amsterdam-based cybersecurity company Hadrian comes into play!
AI tool for subdomain detection
The Dutch company launched an AI tool — Subwiz, the world’s first custom-trained AI tool for subdomain detection.
Previously, subdomain detection relied heavily on brute-force techniques, requiring many adjustments to guess potential subdomains.
Subwiz changes this by using machine learning, making predictions more accurate, and requiring fewer DNS queries.
In short: Subwiz ensures that companies are less likely to be hacked via digital backdoors that they may not even have known about.
With cyber threats constantly evolving, Subwiz helps organisations take a proactive approach to securing their online assets.
“By discovering subdomains that would otherwise remain hidden, we allow companies to fix weaknesses before they become entry points for attackers,” concludes Beg.
Easy to integrate
Users of Subwiz can adjust several parameters within the tool during their subdomain search, depending on their needs.
“By refining your search, you can maximize your results. All subdomains in a certain area of the web can be discovered,” Beg adds.
In addition, Subwiz easily integrates with other subdomain detection tools that ethical hackers and security experts are already using.
For example, Subwiz can be used with SanicDNS, Hadrian’s first open-source tool.
SanicDNS is designed for quick scans, while Subwiz focuses on discovering subdomains that need to be scanned.
Balancing computing power, time, and quality
Subwiz is built using a lightweight LLM that can easily run on a laptop and generate hundreds of results in seconds.
Beg stated that when developing Subwiz, the team aimed to balance thorough detection with efficiency.
Rather than testing millions of options aimlessly, they focused on smart predictions. They found that running around 10,000 targeted subdomain tests per domain uncovered roughly 10% more undetected subdomains.
This extra visibility is important because these often ignored or vulnerable subdomains are commonly targeted by hackers.
Hadrian: Offensive security specialists
Based out of Amsterdam, Hadrian specialises in offensive security solutions.
With the mission to empower organisations from a hacker’s perspective, the Dutch company uses advanced technologies to identify and mitigate vulnerabilities before they can be exploited.
Through continuous monitoring and proactive threat analysis, Hadrian supports companies worldwide in building resilient digital infrastructures in an increasingly complex cyber landscape.
01
destream: Building the financial backbone of the creator economy