Improved software detection
21 May 2023
After last week's improved WordPress detection I was on a roll and improved the Plesk version detection, the detection of remote login services like CheckPoint, Pulse Secure, SonicWALL and some more, and added a drastic improvement in the detection of Microsoft Remote Desktop Web Access. About that last one: don't leave it exposed to the internet! You are asking for trouble ...
Next, it's time to improve the user experience in the GUI. This update already has an option to change all times in the GUI from the default UTC to your local timezone. The option is available under My profile.
Improved WordPress checks
15 May 2023
Detection of the WordPress version has improved, resulting in far fewer WordPress mentions without a version.
WordPress itself also publishes a list of versions that are insecure, and this data is now used in the Software overview and Software vulnerabilities reports along with any CVEs found. Vulnerable versions will have a tag "insecure" (color coded red) and outdated versions will have the tag "outdated" (color coded orange).
Automatically trust Microsoft O365 certificates
23 April 2023
Some clients reported that Microsoft required them to have certain DNS records available for their Office 365 cloud account. Two (fictive) examples are lyncdiscover.shadowtrackr.com and sip.shadowtrackr.com. You are not required to actually have a website running on those URLs. Microsoft will forward them to their proper cloud servers, serve a standard Microsoft O365 TLS certificate, and that's it.
Or is it?
Some services will start complaining about not trusting the TLS certificate since you now have a domain mismatch. Microsoft itself explains here that you should just trust these certificates and get on with it.
That works, but ShadowTrackr will list your TLS certificate as a problem since the domain mismatch is still there. If you do not want that, you now have the option to force ShadowTrackr to always trust Microsoft TLS certificates. It's available under Settings->general.
If you enable this, it will only work for valid Microsoft TLS certificates on IP addresses that are in the Microsoft cloud range. If any of these conditions is not true, you will still see an error appearing in your reports (as you should).
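The decision described above, written out as an added example (this is not ShadowTrackr's own code). The IP range is a documentation placeholder standing in for the Microsoft cloud ranges, the name suffixes and the sample certificate are constructed, and chain_ok is assumed to be the result of normal chain validation done by the scanner.

```python
import ipaddress
from datetime import datetime, timezone

# Assumptions for this sketch: a placeholder (TEST-NET) range standing in for the
# Microsoft cloud ranges, and a short list of Microsoft-owned name suffixes.
MICROSOFT_RANGES = [ipaddress.ip_network("198.51.100.0/24")]
MICROSOFT_SUFFIXES = ("lync.com", "microsoft.com", "office.com")


def name_matches(host, pattern):
    """Match a hostname against a certificate name; wildcard covers one label only."""
    host, pattern = host.lower().rstrip("."), pattern.lower().rstrip(".")
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return host == pattern


def is_microsoft_name(name):
    """True when a certificate name sits under one of the assumed Microsoft suffixes."""
    name = name.lower()[2:] if name.startswith("*.") else name.lower()
    return any(name == s or name.endswith("." + s) for s in MICROSOFT_SUFFIXES)


def classify(host, ip, cert, trust_microsoft, now=None):
    """Return 'ok', 'trusted-microsoft' or an error string for one scanned endpoint."""
    now = now or datetime.now(timezone.utc)
    valid = cert["chain_ok"] and cert["not_before"] <= now <= cert["not_after"]
    if not valid:
        return "error: invalid certificate"
    if any(name_matches(host, n) for n in cert["names"]):
        return "ok"
    # Domain mismatch: suppress it only when every condition from the text holds.
    in_range = any(ipaddress.ip_address(ip) in net for net in MICROSOFT_RANGES)
    ms_cert = bool(cert["names"]) and all(is_microsoft_name(n) for n in cert["names"])
    if trust_microsoft and ms_cert and in_range:
        return "trusted-microsoft"
    return "error: domain mismatch"


NOW = datetime(2023, 4, 23, tzinfo=timezone.utc)
SAMPLE_CERT = {  # constructed sample, not a real certificate
    "names": ["*.online.lync.com", "*.lync.com"],
    "not_before": datetime(2023, 1, 1, tzinfo=timezone.utc),
    "not_after": datetime(2024, 1, 1, tzinfo=timezone.utc),
    "chain_ok": True,
}
```

The same certificate served from an address outside the range, or one that fails validation, is still reported even with the option enabled.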