7. A document is: What you see… And what you don't: Template paths. Users worked in it. Departments. File & Printing Servers. Version History. Embedded files…
8. What kind of data can be found? Metadata: Information stored to give information about the document. For example: Creator, Organization, etc. Hidden information: Information internally stored by programs and not editable. For example: Template paths, Printers, db structure, etc. Lost data: Information which is in documents due to human mistakes or negligence, because it was not intended to be there. For example: Links to internal servers, data hidden by format, etc.
9. Metadata Lifecycle (diagram labels): Metadata, Hidden info, Lost Data, Embedded files; Wrong management, Bad format conversion, Unsecure options; New apps or program versions; Search engines, Spiders, Databases
10. Metadata Risks: “Secret” relationships; Government & companies; Companies & providers; Piracy discovery; Reputation; Social engineering attacks; Targeting Malware
93. Network Discovery Algorithm: http://apple1.sub.domain.com/~chema/dir/fil.doc http -> Web server; GET Banner HTTP; domain.com is a domain; Search NS, MX, SPF records for domain.com; sub.domain.com is a subdomain; Search NS, MX, SPF records for sub.domain.com; Try all the non verified servers on all new domains; server01.domain.com; server01.sub.domain.com; Apple1.sub.domain.com is a hostname; Try DNS Prediction (apple1) on all domains; Try Google Sets (apple1) on all domains
94. Network Discovery Algorithm: http://apple1.sub.domain.com/~chema/dir/fil.doc 11) Resolve IP Address 12) Get Certificate in https://IP 13) Search for domain names in it 14) Get HTTP Banner of http://IP 15) Use Bing Ip:IP to find all domains sharing it 16) Repeat for every new domain 17) Connect to the internal NS (1 or all) 18) Perform a PTR Scan searching for internal servers 19) For every new IP discovered try Bing IP recursively 20) ~chema -> chema is probably a user
95. Network Discovery Algorithm: http://apple1.sub.domain.com/~chema/dir/fil.doc 21) / , /~chema/ and /~chema/dir/ are paths 22) Try directory listing in all the paths 23) Search for PUT, DELETE, TRACE methods in every path 24) Fingerprint software from 404 error messages 25) Fingerprint software from application error messages 26) Try common names on all domains (dictionary) 27) Try Zone Transfer on all NS 28) Search for any URL indexed by web engines related to the hostname 29) Download the file 30) Extract the metadata, hidden info and lost data 31) Sort all this information and present it nicely 32) For every new IP/URL start over again
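Step 30 above, together with the metadata, hidden information and lost data categories from slide 8, turned around as a pre-publication audit of your own Office Open XML files. This is an added example, not code from the slides or from any tool they describe; the sample package, user names and hosts are constructed, and the field list and namespace filter are assumptions chosen for illustration.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

# Property parts of an OOXML package and the fields worth reviewing in each.
FIELDS = {
    "docProps/core.xml": ("creator", "lastModifiedBy"),
    "docProps/app.xml": ("Company", "Template", "Application"),
}
# UNC paths and URLs are candidate "lost data"; XML namespace URIs are not.
LEAK_RE = re.compile(r"\\\\[\w.-]+\\[^\s<\"]+|https?://[^\s<\"]+")
NAMESPACE_HOSTS = ("schemas.openxmlformats.org", "schemas.microsoft.com", "purl.org", "www.w3.org")


def audit_ooxml(data: bytes) -> dict:
    """Return reviewable metadata fields and embedded paths/URLs."""
    report = {"metadata": {}, "references": set()}
    with zipfile.ZipFile(io.BytesIO(data)) as pkg:
        for name in pkg.namelist():
            raw = pkg.read(name)
            if name in FIELDS:
                for elem in ET.fromstring(raw).iter():
                    tag = elem.tag.rsplit("}", 1)[-1]  # strip the namespace
                    if tag in FIELDS[name] and elem.text:
                        report["metadata"][tag] = elem.text
            if name.endswith((".xml", ".rels")):
                for hit in LEAK_RE.findall(raw.decode("utf-8", "replace")):
                    if not any(host in hit for host in NAMESPACE_HOSTS):
                        report["references"].add(hit)
    return report


def build_sample() -> bytes:
    """Constructed sample package (hypothetical names), built in memory."""
    ns = "http://schemas.openxmlformats.org"
    parts = {
        "docProps/core.xml": f'<cp:coreProperties xmlns:cp="{ns}/package/2006/metadata/core-properties" xmlns:dc="http://purl.org/dc/elements/1.1/"><dc:creator>jdoe</dc:creator><cp:lastModifiedBy>asmith</cp:lastModifiedBy></cp:coreProperties>',
        "docProps/app.xml": f'<Properties xmlns="{ns}/officeDocument/2006/extended-properties"><Template>\\\\fs01.corp.example\\templates\\memo.dotx</Template><Company>Example Corp</Company></Properties>',
        "word/_rels/document.xml.rels": f'<Relationships xmlns="{ns}/package/2006/relationships"><Relationship Id="rId1" Type="{ns}/officeDocument/2006/relationships/hyperlink" Target="http://intranet.corp.example/wiki" TargetMode="External"/></Relationships>',
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as pkg:
        for name, xml in parts.items():
            pkg.writestr(name, xml)
    return buf.getvalue()


if __name__ == "__main__":
    print(audit_ooxml(build_sample()))
```

Anything the report returns is what a reader of the published file would also see, so it is the list to clear or accept before release.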
116. DNS Cache Snooping: Internal Software: Windows Update, Gtalk. Evilgrade: Detecting software vulnerable to Evilgrade attacks. AV evasion: Detecting internal AV systems. Malware driven by URL: Hacking a web site usually visited by internal users