Our mission
Hestia - Cybersecurity solutions for EASM & DRPS subjects
Elevate your security on exposed attack surface with our SaaS solutions. Anticipate & detect to prevent, that’s the goal of this solution. See your exposure as if you were an attacker.
Why choose Hestia from Oletros?
Each of the following features enhances our value proposition.
OSINT for asset discovery
We use the same techniques as attackers to discover your exposed assets. Exposure means risk, and risk involves mitigating.
Offensive mindset
We build our solutions with the aim to penetrate systems to better defend our clients against threat actors.
Consulting activity
We have consultants across many sectors, keeping us up to date on the latest malicious trends.
We do Threat Intelligence
Because it's not just about reading articles, we have our own personas, enriched datasets, honeypots infrastructure and more.
API friendly infrastructure
Many of our customers use extensively tools to interconnect external solutions to their internal ones, so all the data we produce is accessible by API.
Active fight against online fraud
We report hundreds of websites per week, from NSFW spam sites to APT group malware repositories.
Phishing is our thing
We work a lot on offensive phishing. We know how to identify assets at risk and targets sought by attackers to better inform you.
Monitoring leaked credentials online
We manage threat intelligence personas to have access to forums & repositories where leaked credentials are shared and sold.
Use cases
Discover how Hestia serves as the ideal platform, providing tailored and contextualized information to improve your security.
Login form hijacking
Customer situation
At a customer using a known identity service provider, we identified the possibility of carrying out a frame hijacking attack. We presented a poc where we could embed the client's page on a site we own and steal the credentials typed.
Our resolution
We tested all authentication endpoints and reported back. We presented how the operation works and above all how to definitively resolve the problem as well as additional information to give to the identity provider.
Fake store infrastructure
Customer situation
We had detected several similar sites targeting our client. After investigation, it turned out that it was a large infrastructure and not just a single site. Moreover, we noticed that this operator targets many other companies in the Retail & Luxury sector.
Our resolution
We have identified common markers between the different fakestores to be able to uncover the entire infrastructure. We were subsequently able to request the takedown of the sites and add them to the Google SafeBrowsing blocklist.
