Well, it has been some time since it happened but I passed my GCIH Gold paper! Some readers may already know this already, but figured I’d at least throw out the lowdown.
Read the whole paper here.
I entitled the paper “Document Metadata, the Silent Killer…”. Ultimately the paper covers some traditional metadata found in jpeg images, Office documents, PDFs, and a few other interesting places. I talk at length about how to analyze, gather information and make reasonable assumptions about client/network/user configuration and possible attack vectors based on the information from metadata.
sm-farthog.jpgThis information can be beneficial to a penetration tester, as wall as an attacker. In the “perfect storm” we can take the information gathered to be able to deliver a spear fishing type of attack, with a high amount of confidence that the attack will be successful.
The paper also delves into some methods for limiting initial exposure, as well as how to prevent some of the exposure to begin with. I also talk about organizational policy, and some methods on how to introduce separation of duties to prevent accidental exposure.
The paper is fairly lengthy with quite a few examples. Through the course of the paper, I was actually instructed that the paper was too long, and covered too much. I’m of the opinion that it should be done right, so the original content stayed.
So, now you know why much of my technical content lately has been on metadata! Certainly the paper only covers the tip of the iceberg for metadata contents and file formats, but one has to start somewhere. Over the next few weeks the podcast and here on blog I’ll be covering some more metadata sanitization.
If you have any feedback, comments or sugestions, don’t hesitate to drop me a note at larry /at/ securityweekly.com
– L