Security should cover more than just what we know. As a common practice, we define the scope of assessment including the systems, networks, applications, and data that will be assessed. Hackers, by their very nature, have no predefined scope. They often seek to exploit any entry points they can find, those we may consider less significant or even we aren't aware of yet. Unknown threats are lurking in the shadows! This talk will delve into how attack surface discovery and management contribute significantly to visibility, a pivotal foundation of effective cyber defense strategies.