How do you seek for dataleaks in the wild?

by adidionxlm

DeepWeb is a common name for parts of the World Wide Web whose contents are not indexed by standard web search engines for any reason. Part of this Deep Web is made up of what are known as pasties websites.

These websites, such as "pastebin.com", "quickleak.se" and "slexy.org", are commonly used for exchanging information about compromised credentials.

Excellium offers a comprehensive service for monitoring the DeepWeb for your domains or any given keyword. This service is called EyeDeep and is operated by the CSIRT of Excellium Services.

Pasties are ephemeral by default, so traditional monitoring based on search engines does not apply.

These websites can also be used for exchanging snippets of code that may include credentials and information about your infrastructure.


Why EyeDeep?

Monitoring the DeepWeb is not a simple task. Due to the ephemeral nature of the data and the restrictions on accessing it, detection should be performed continuously and any potential findings should be kept. Detection therefore needs dedicated infrastructure and resources for harvesting, qualifying and triaging the findings.

EyeDeep is a service operated by Excellium CERT-XLM to take on this effort for you. By using EyeDeep, you will be able to cover an extra surface in terms of security. This product will allow you to detect early any publicly released data leaks that can directly affect your entities. Whether these leaks come from your own assets or from other compromised websites that may contain some of your data, EyeDeep will extend the coverage of your security perimeter.


Excellium will perform the following monitoring:

• Continuous scan of pasties websites:
– Detection of custom keywords and customer domains;
– Archival of the matching pasties;
– Detection of IP ranges.

• Manual triage of detected alerts:
– Instant notification for credential leak and security related data.

• Comprehensive monthly report for all related findings during the last month.

Activity Details

Scan of legitimate domains

Based on the list of domains provided by the client, the EyeDeep engine scans pasties websites to find such strings. This allows you to be notified early when a collaborator account is compromised or when a data leak occurs.

Active scan for custom keywords

Based on the list of words or regular expressions you provide (VIP users, solutions, names…), you will be notified when our engine finds a match.
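To make the three kinds of detection listed above concrete (customer domains, custom keywords or regular expressions, and IP ranges), here is an added example of the matching and archival step applied to one already-collected paste. It is not EyeDeep's code; the watchlist values, function names and sample paste are all constructed for illustration.

```python
import hashlib
import ipaddress
import re

# Constructed watchlist; every value here is an assumption for illustration.
DOMAINS = ["example.com"]
KEYWORDS = [r"project\s+bluebird"]
NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]

# Match the domain or any subdomain, rejecting look-alikes such as
# "notexample.com" and "example.com.evil.test".
DOMAIN_RE = re.compile(
    r"(?<![\w-])(?:[\w-]+\.)*(?:%s)(?![\w-]|\.\w)"
    % "|".join(re.escape(d) for d in DOMAINS),
    re.IGNORECASE,
)
KEYWORD_RES = [re.compile(k, re.IGNORECASE) for k in KEYWORDS]
IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")

def scan_paste(text):
    """Return a sorted list of (kind, value) hits found in one paste."""
    hits = set()
    for m in DOMAIN_RE.finditer(text):
        hits.add(("domain", m.group(0).lower()))
    for rx in KEYWORD_RES:
        for m in rx.finditer(text):
            hits.add(("keyword", m.group(0)))
    for m in IPV4_RE.finditer(text):
        try:
            addr = ipaddress.ip_address(m.group(0))
        except ValueError:  # e.g. 999.1.1.1 is not a valid address
            continue
        if any(addr in net for net in NETWORKS):
            hits.add(("ip", str(addr)))
    return sorted(hits)

def archive_record(text):
    """Hits plus a content hash, so an expired paste can still be referenced."""
    hits = scan_paste(text)
    if not hits:
        return None
    return {"sha256": hashlib.sha256(text.encode("utf-8")).hexdigest(),
            "hits": hits}

# Constructed sample paste, not real leaked data.
SAMPLE = """jane.doe@mail.example.com:Winter2024
login at notexample.com and example.com.evil.test
db host 203.0.113.17, gateway 198.51.100.1, junk 999.1.1.1
notes for Project  Bluebird"""
```

Anchoring the domain pattern on both sides is what keeps look-alike hosts out of the alert queue before manual triage.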


Excellium will provide immediate alerts through email on newly detected credentials or sensitive information. To avoid false positives and assess potential risks, Excellium manually reviews these alerts (24/7 via SOC).

Excellium will provide a monthly report that includes details of all alerts.