Posts

Showing posts from September, 2010

Data Leakage: Protection against FOCA

FOCA Tool: http://www.informatica64.com/downloadfoca/  




Vulnerability:Even though FOCA tool, an excellent meta-data extraction and analysis tool, were out, only a few cares about their leaked information such as - their softwares used to create their documents (PDF)- their Operating System users- their network sharesThreats:

Vector: network shares
And how we exploit:
- this allows attackers to draw a internal network diagram based on the shares that leak internal IP or internal hostname information

Vector: softwares used to create their documents (PDF,DOC)
And how we exploit:
- this allows attackers to (re)search for RCE (remote code execution) vulnerabilies in such softwares
- this allows attackers to add additional information like Operation Systems leaked via their softwares like doPDF ver 6.0 build 224(Windows Server 2003 x64)

Vector: their Operating System users
And how we exploit:
- social engineering attack
- attackers will start from weakest users such as help desk- account comprom…