Data Leakage: Protection against FOCA

FOCA Tool:  

Vulnerability:
Even though FOCA, an excellent metadata extraction and analysis tool, is out, only a few people care about the information their documents leak, such as:
- the software used to create their documents (PDF)
- their operating system users
- their network shares

Threats:

Vector: network shares
And how we exploit:
- this allows attackers to draw an internal network diagram based on the shares, which leak internal IP or internal hostname information

Vector: software used to create their documents (PDF, DOC)
And how we exploit:
- this allows attackers to (re)search for RCE (remote code execution) vulnerabilities in such software
- this allows attackers to add additional information, like operating systems leaked via software such as doPDF ver 6.0 build 224 (Windows Server 2003 x64)

Vector: their Operating System users
And how we exploit:

- social engineering attack
- attackers will start from the weakest users, such as the help desk
- account compromise
- attackers will look for any login interfaces (SMTP, HTTP pages such as Outlook web mail login, SSL VPN login, possibly any protocol login) to crack users with weak passwords. A successful compromise will lead to compromise of corporate data if no strict password policy is enforced.
- we, penetration testers, take advantage of this in our internal penetration tests because we've already collected good footprinting information about their internal networks and their users

Solutions
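
A pre-publication check for the three leak vectors listed above, as an added example that is not part of the original post. The function names and the sample document are constructed for illustration, and the check assumes an uncompressed PDF Info dictionary with literal strings (XMP packets, hex strings and compressed object streams are not covered).

```python
import re

# Literal-string values of the Info keys that carry the leak vectors.
INFO_RE = re.compile(rb"/(Title|Author|Creator|Producer)\s*\(((?:\\.|[^\\)])*)\)", re.S)
UNC_RE = re.compile(r"\\\\[A-Za-z0-9._-]+\\[^\s\\]+")          # \\host\share
RFC1918_RE = re.compile(
    r"\b(?:10\.\d{1,3}|192\.168|172\.(?:1[6-9]|2\d|3[01]))\.\d{1,3}\.\d{1,3}\b")

def unescape(raw: bytes) -> str:
    # Simplified: strips the backslash from \\ \( \); octal and \n escapes are not decoded.
    return re.sub(rb"\\(.)", rb"\1", raw, flags=re.S).decode("latin-1")

def audit_pdf_metadata(data: bytes) -> dict:
    """Return what an outside metadata scan would learn from this PDF."""
    findings = {"software": [], "users": [], "shares": [], "internal_ips": []}
    for key, raw in INFO_RE.findall(data):
        value = unescape(raw)
        if key in (b"Creator", b"Producer"):
            findings["software"].append(value)
        elif key == b"Author":
            findings["users"].append(value)
        # Share paths often end up in /Title when a file is printed to PDF.
        findings["shares"] += UNC_RE.findall(value)
        findings["internal_ips"] += RFC1918_RE.findall(value)
    return findings

def safe_to_publish(data: bytes) -> bool:
    """True only when none of the leak vectors is present."""
    return not any(audit_pdf_metadata(data).values())

# Constructed sample Info dictionary (not taken from a real document).
SAMPLE = (
    rb"1 0 obj << /Title (Microsoft Word - \\\\10.0.5.12\\finance\\q3.doc) "
    rb"/Author (jsmith) /Creator (Microsoft Word) "
    rb"/Producer (doPDF ver 6.0 build 224 \(Windows Server 2003 x64\)) >> endobj"
)

if __name__ == "__main__":
    for vector, values in audit_pdf_metadata(SAMPLE).items():
        print(f"{vector}: {values}")
    print("safe to publish:", safe_to_publish(SAMPLE))
```

Run it as a gate in the publishing workflow so that a document is held back until its metadata has been stripped.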

For enterprise SMEs,
use a dedicated virtual machine with document compression software (Nice PDF Compressor, FILEminimizer, PowerShrink, etc.).

Last but not least,
your documents might have already been cached by proxy servers, ISPs, etc. Then, use a server-side approach to prevent caching, like:

