CYBER MONGOL
  • Our Journey
  • Intelligence Engine
  • ASATA
  • Human-Machine Teaming
  • Operator Research
  • Achievements and Media
  • Counter Intelligence
  • Our Journey
  • Intelligence Engine
  • ASATA
  • Human-Machine Teaming
  • Operator Research
  • Achievements and Media
  • Counter Intelligence
Search by typing & pressing enter

YOUR CART

3/14/2021

Leaking Information via PDF Metadata

Picture
*Leaking Information via PDF Metadata* I just read an extremely interesting paper (below) on exploiting metadata found in various document types, specifically to enumerate an organization. We built a quick test by putting together a simple Hunter signature to search for publicly published PDF files (major cybersecurity company) and then parsed the PDF’s metadata for information that could be used on campaign. An adversary could easily create similar automation and then extract usable information like usernames and file paths used to create the document, software used, patching habits for that software and more. I’m not too proud to admit that we haven’t been sanitizing our metadata either…which we will definitely start to.

Paper: https://lnkd.in/ekFdRf3


#infosec #cybersecurity #informationsecurity #threatintelligence #networksecurity #sec #security #tools #offensivesecurity #pentesting #redteam #blueteam

Comments are closed.

    Archives

    July 2021
    June 2021
    May 2021
    April 2021
    March 2021
    February 2021
    January 2021
    September 2020
    August 2020
    July 2020

    Categories

    All

    RSS Feed

contact us:
© COPYRIGHT 2015. ALL RIGHTS RESERVED.