Catalog

OnDemand Investigations & Dark Ops Services

Classification: TLP:GREEN

Access Our Expertise

ZeroFox OnDemand Investigations & Dark Ops Services provide access to a team of highly skilled intelligence analysts with experience conducting specialized risk assessments, investigations, and even threat actor engagement. With more than 20 years of experience serving customers across multiple industries and regions, ZeroFox will connect you with on-demand threat intelligence analysts who deliver deep-dive reports, threat assessments, research projects, and as-requested analytic projects tailored to your organization. You can also rely on our experts to expand the depth and breadth of your intelligence coverage and help you better understand global physical, cyber, and political risks by applying their intelligence tradecraft and cultural and foreign language skills.

Those who have experienced a breach or are interested in understanding emerging threats can leverage our Dark Ops team to perform a variety of investigation and engagement services on your behalf. Integrated into hundreds of dark web communities and places that most cannot infiltrate, ZeroFox combines open-source and human intelligence to fight back, engage with adversaries, triage threats, and curate intelligence specific to you. Unless otherwise contracted, all investigation services are conducted in English, and reports are produced in English.

In the pages that follow, you will find information on each of the assessments and services we offer and the insights that the ZeroFox OnDemand Investigations & Dark Ops Services team can provide. Reach out to your ZeroFox representative to learn more about delivery, full versions of sample reports, and pricing.

Executive Threat Assessment - Standard

This report provides an assessment of a VIP entity to identify risks, vulnerabilities, and malicious exploitation based on their digital footprints. It highlights the most common threat vectors that may impact a VIP entity’s physical and digital security and includes high-level recommendations to mitigate these risks. Limited to the VIP entity.
Cost: 3 ODI Credits

Report includes: 

  • Disclosures of Data Enabling Malicious Actions
  • Risk of Blackmail or Identity Theft
  • Risk of Physical Harm
  • Risk of Corporate Exposure  

Executive Threat Assessment - Premium

This report provides a more extensive assessment of VIP entities and their related assets to identify risks, vulnerabilities, and malicious exploitation based on their digital footprints. It includes targeted recommendations and a sample spear phish to mitigate digital and physical risks. With detailed best practice recommendations tailored to the unique aspects of each social platform, corporate security teams will be armed with all the information they need to reduce the executive’s digital attack surface. This report covers VIP entities, their spouse/partner, and children/stepchildren up to their graduation from college.
Cost: 12 ODI Credits

Report includes:

  • Disclosures of Private and Family Information
  • Disclosure of Contact and Residential Information
  • Social Media Hygiene
  • Tailored Recommendations and Best Practices
  • Targeted Mock Spear Phishing Email to Contextualize Findings

Person of Interest Investigation

This report investigates internal or external subjects with an intent to establish identity, determine motivation, and assess reputation to help inform the level of risk and appropriate course of action. With these findings, corporate security teams will be armed with comprehensive, actionable intelligence they can use to support the desired course of action against the subject of the investigation. 
Cost: 4 ODI Credits

Report includes:

  • Key Points of Concern
  • Identity Information
  • Social Media Posture
  • Criminal History
  • Reputational Issues
  • Affiliations

Background Check Investigation

This report provides clients with background information for a subject of interest, frequently for hiring or employment purposes. This investigation on internal or external subjects has the intent of establishing their identity and assessing their reputation to help inform client stakeholders about hiring or continued employment decisions. With these findings, clients will be armed with comprehensive, actionable intelligence they can use to support their staffing decisions.
Cost: 4 ODI Credits

Report includes:

  • Key Points of Concern
  • Identity Information
  • Social Media Posture
  • Criminal History
  • Reputational Issues
  • Affiliations

Attack Surface Assessment

This report is an assessment of the company's cybersecurity posture across several categories of risk. With these findings, security teams will be armed with comprehensive, outside-in, actionable intelligence they can use to prioritize actions to mitigate any risks identified. 
Cost: 5 ODI Credits

Report includes:

  • Evidence of System Compromise or Infection
  • Compromised Account Credentials
  • Leaks of Sensitive Data
  • Domain Hygiene
  • Threat Actor Chatter

Phishing Kit Analysis

Phishing tactics have evolved and found a receptive audience within underground communities which thrive on the sale and commodification of phish kits and the resulting harvested credentials. Within this clandestine ecosystem, specialization has emerged as a key element, enabling participants to swiftly create and sell tailored phish kits designed to target various entities. Even threat actors with limited programming skills can deploy these kits effectively.

The Phishing Kit Analysis Report offers an in-depth investigation into suspected phishing campaigns, focusing on identifying the utilization of established phish kits. Through meticulous threat research and analysis, this report attempts to uncover threat actors distributing and deploying these kits to orchestrate large-scale phishing attacks.
Cost: 5 ODI Credits

Report includes:

  • In-depth Phish Kit Investigation: Delve into specific techniques, tools, and tactics employed in the phishing campaign. Uncover the presence of any existing phish kit, providing insights into attacker methods.
  • Evaluation of Scale and Intent: Assess the campaign's magnitude and motives behind deploying a phish kit, offering insights for threat anticipation.
  • Risk Assessment and Mitigation Recommendations: Present findings clearly with actionable recommendations to mitigate identified risks effectively.

Supply Chain & Third-Party Risk Assessment

This report assesses a company's online posture with a focus on cyber, reputational, and regulatory vulnerabilities and risks. With these findings, security, strategy, and vendor management teams will be armed with comprehensive, actionable intelligence they can use to assess risks associated with their third parties, subsidiaries, or acquisition targets to make confident decisions. 
Cost: 8 ODI Credits

Report includes:

  • Evidence of System Compromise and Dark Web Chatter
  • Disclosures of Sensitive Data and Compromised Account Credentials
  • Social Media and Brand Hygiene
  • Reputational Concerns
  • Regulatory Compliance and HR

Industry Threat Landscape

This assessment is focused on industry-specific cyber threat trends of strategic importance to you. Whether it is a historical look at the ransomware targeting organizations in the Retail industry or a more focused deep-dive into attacks on cryptocurrency exchanges in the Financial Services sector, our team will prepare reports that meet your intelligence requirements and inform you of shifts in threat landscapes. With these findings, security leaders will be armed with comprehensive, actionable intelligence they can use to support strategic decision-making. 
Cost: 12 ODI Credits

Report includes:

  • Top Risks
  • Key Attacks
  • Attacker Tools and Methods
  • Assessment of Criminal and State-Sponsored Activity
  • Impact on Organizations
  • Mitigations and Best Practices

Travel Assessment

This report provides security intelligence regarding physical, cyber, and geopolitical risks associated with a designated geographic region, country, or location of interest, along with recommendations and best practices. With these findings, corporate security teams will be armed with comprehensive, actionable intelligence they can use to ensure the appropriate planning occurs and precautions are put into place prior to the travel event to the location(s) in question. 
Cost: 8 ODI Credits

Report includes:

  • Physical Security Risks
  • Cyber Security Risks
  • Best Practices and Recommendations

Dark Ops Investigations

Dark Ops investigations include reports on dark web system discoveries plus engagement with operatives for network-specific information. Investigation reports are prepared by an expert TI analyst in a 9-5 role and typically take two to three weeks from the start. Expedited delivery is available on a case-by-case basis.

Dark Web Incident RFI / Investigation

A response for additional context surrounding a Dark Web event or incident—correlation of alerts, context, alleged data leak, PII exposure, etc.—that includes next-step action options, such as the acquisition of artifacts associated with the alert (compromised accounts, malicious tools, botnet log, etc.) at an additional cost. 
Cost: 1 ODI Credit

Dark Web Investigation

A comprehensive sweep of Deep and Dark Web forums and marketplaces for exposure of client data, including any alleged data dumps and botnet logs; cyber actor chatter regarding plans and intentions against the client; and any malicious tools aimed at harming or undermining the client. The deliverable will be a professionally prepared Intelligence Brief.
Cost: 12 ODI Credits

Managed Deep and Dark Web Hunting

A team of embedded Dark Ops operatives will populate intelligence in the form of Key Incidents from closed, exclusive deep and dark web (DDW) forums and marketplaces that are unavailable by traditional collection methods. Key Incidents are typically populated in the platform weekly, sometimes daily, or as often as DDW actors are discussing the client’s brand, in a 9-5 cadence, Monday through Friday. This service is performed proactively and is tailored to the client’s prioritized intelligence requirements and specific risk profile.

What’s Included:

  • Eight (8) reach-backs monthly; $1,000 monthly allowance for DDW purchases (non-transferable, does not roll over month-to-month)
  • A monthly oral brief to go over any DDW findings, trends, or changes to the client’s prioritized intelligence requirements
  • Up to five (5) wholly-owned brands of the client will be monitored

Cost: 96 ODI Credits Annually

Dark Ops Direct Engagement

Find and establish direct communication with specific threat actors to inquire about information acquisition, ransomware payments, or other tasks. Dark Ops engagements typically take five to seven days from the start. Expedited performance can accelerate this to one to two days at the cost of double the ODI Credits.



Digital Asset - Inquiry Only

ZeroFox will identify and directly engage with a threat actor to specify price and terms.
Cost: 1 ODI Credit



Digital Asset Inquiry, Transaction, and Recovery

ZeroFox will identify and directly engage with a threat actor to specify price and terms. Customers may identify "initial offer, counter, max" or accept recommendations from ZeroFox DW Ops. The customer will also fund the "MAX" amount in escrow, to be converted at the market rate into the cryptocurrency dictated by the terms. "Inquiry Only" is available but not recommended.
Cost: 5 ODI Credits



Crypto Wallet Setup

Setup of a single wallet in the coin of choice: Bitcoin, Ethereum, XRP, Tether, or Cardano. Includes training on operation of the wallet, including security hygiene. ZeroFox provides no protection of wallets after the changeover to the customer. Funding of the wallet is billed separately, in advance, at cost plus 5 percent.
Cost: 6 ODI Credits



Ransomware Data Download, Parsing for Client Mentions

If a client requests that ZeroFox download data from a ransomware collective, the ZeroFox Dark Ops Team offers two options: the team can 1) download only the data and pass it directly to the client via a secure cloud link without parsing for mentions; or 2) download the data, parse it for client mentions, and then upload it to a secure cloud instance from which the client can pull down the data for onward analysis.

Cost:

  • Download Only: 4 ODI Credits per data set
  • Download and Parse: 8 ODI Credits per data set


Sting

If permitted and on a case-by-case basis, ZeroFox will coordinate with law enforcement in different countries across the globe to assist in investigations that may lead to the arrest and prosecution of an underground cyber actor or group, including the especially heinous perpetrators of crime. Requires direct agreement of procedures by ZeroFox Dark Operative to protect their identity.
Cost: 12 ODI Credits

Intelligence Services - Special Projects

For other projects not listed in this catalog, the ZeroFox OnDemand Investigations & Dark Ops Services team will perform custom investigations or assessments tailored to your needs. Please contact your ZeroFox representative to discuss your specific intelligence requirements and desired outcomes.