Cyber: Latest: What Happens In The First 24 Hours After A New Asset Goes Live
A technical look at the first 24 hours: how quickly attackers enumerate and target newly exposed assets

The moment a new asset gets a public IP address, a clock starts. Not a slow one. A relentless, automated one. The gap between “this just went live” and “this is being actively probed” is minutes, not days. That’s not theoretical. With the help of our ASM Community Edition, it’s what Sprocket Security sees continuously across customer environments, and it’s exactly what attackers count on: your team won’t know something is exposed until it’s already too late.

A developer pushes a new cloud instance. A misconfigured firewall rule opens a port. A vendor portal spins up on a subdomain nobody flagged. Whatever the cause, a new internet-routable endpoint now exists, and security doesn’t get a notification.

Automated scanning infrastructure sweeps the entire public internet, constantly. Shodan, Censys, ShadowServer, and others index new hosts on a rolling basis (Censys alone covers tens of thousands of ports). Within an hour, your asset has its open ports catalogued, banner info grabbed (web server version, TLS cert, SSH fingerprint), and response signatures compared against known vulnerability databases.

By now your asset shows up in Shodan and Censys queries. Automated attack tooling starts its own recon pass: looking for service versions, open management ports (RDP on 3389, SSH on 22, admin panels on 8080/8443), and TLS certs that pivot to related domains and subdomains. If your new asset has a cert, attackers can learn a lot about your broader infrastructure without ever touching something you were watching.

Passive discovery flips to active targeting. GreyNoise data shows scanner activity spikes in this window. Credential stuffing kicks off against SSH and RDP. Web services start getting hit with directory brute-forcing. Databases like Elasticsearch and Redis get probed for unauthenticated access. Frameworks get tested against known CVEs.

None of this needs a human to kick it off. Botnets handle it at scale, around the clock.
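
On the defender's side, that timeline argues for diffing your own external scan results on a short interval and triaging anything new. The sketch below is an added example, not code from the article or from Sprocket Security; the record format, function name and sample data are assumptions, as are the default Elasticsearch (9200) and Redis (6379) ports.

```python
# Added example: diff two external-scan snapshots and triage what is newly exposed.
# All records below are constructed sample data (documentation IPs, example.com names).

# Services the article calls out. 9200 and 6379 are the default Elasticsearch
# and Redis ports (an assumption; the article names the products, not ports).
HIGH_RISK = {
    22: "SSH: credential stuffing target",
    3389: "RDP: credential stuffing target",
    8080: "admin panel port",
    8443: "admin panel port",
    9200: "Elasticsearch: probed for unauthenticated access",
    6379: "Redis: probed for unauthenticated access",
}

def triage_new_exposures(previous, current, known_names):
    """Return findings for (ip, port) pairs in `current` that `previous` lacked."""
    seen = {(r["ip"], r["port"]) for r in previous}
    findings = []
    for rec in current:
        if (rec["ip"], rec["port"]) in seen:
            continue
        reasons = []
        if rec["port"] in HIGH_RISK:
            reasons.append(HIGH_RISK[rec["port"]])
        # Certificate names missing from the inventory are related hosts that
        # anyone reading the cert can learn about, so they need an owner too.
        unlisted = sorted(set(rec.get("cert_names", [])) - set(known_names))
        if unlisted:
            reasons.append("cert lists untracked names: " + ", ".join(unlisted))
        findings.append({"ip": rec["ip"], "port": rec["port"],
                         "severity": "high" if reasons else "review",
                         "reasons": reasons})
    # High severity first, then ordered by address and port.
    return sorted(findings, key=lambda f: (f["severity"] != "high", f["ip"], f["port"]))

YESTERDAY = [{"ip": "203.0.113.10", "port": 443, "cert_names": ["www.example.com"]}]
TODAY = [
    {"ip": "203.0.113.10", "port": 443, "cert_names": ["www.example.com"]},
    {"ip": "203.0.113.25", "port": 443,
     "cert_names": ["www.example.com", "vendor-portal.example.com"]},
    {"ip": "203.0.113.25", "port": 6379},
    {"ip": "203.0.113.40", "port": 80},
]
KNOWN_NAMES = {"www.example.com"}

if __name__ == "__main__":
    for f in triage_new_exposures(YESTERDAY, TODAY, KNOWN_NAMES):
        print(f["severity"], f["ip"], f["port"], "; ".join(f["reasons"]))
```

Anything that appears in the new snapshot without a matching change record is the "nobody flagged it" case the article describes, so even the `review` rows need an owner.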
Source: BleepingComputer