Posts

Showing posts from September, 2010

Data Leakage: Protection against FOCA

FOCA Tool: http://www.informatica64.com/downloadfoca/   Vulnerability: Even though FOCA tool, an excellent meta-data extraction and analysis tool, were out, only a few cares about their leaked information such as - their softwares used to create their documents (PDF)- their Operating System users- their network shares Threats: Vector: network shares And how we exploit: - this allows attackers to draw a internal network diagram based on the shares that leak internal IP or internal hostname information Vector: softwares used to create their documents (PDF,DOC) And how we exploit: - this allows attackers to (re)search for RCE (remote code execution) vulnerabilies in such softwares - this allows attackers to add additional information like Operation Systems leaked via their softwares like doPDF ver 6.0 build 224(Windows Server 2003 x64) Vector: their Operating System users And how we exploit: - social engineering attack - attackers will start from weakest users such as help desk- ac