1. InfoconDB
  2. DEF CON
  3. DEF CON 17 (2009)
  4. Tactical Fingerprinting Using Metadata, Hidden Info and Lost Data

Tactical Fingerprinting Using Metadata, Hidden Info and Lost Data

Presented at DEF CON 17 (2009), Aug. 2, 2009, 1 p.m. (50 minutes)

In 2003 Tony Blair was "bytten" by a word document which its metadata demonstrated had been edited. Since that days a lot of advisories warning about to keep free of undesired data all published document shown up around the whole Internet... but times went by and people don't worry so much about this BIG problem. In this session you will see how analyzing all published documents in a website is possible to fingerprint a lot of (if not almost all) information about the internal network. This session will show you how to use FOCA tool to collect the files, gathering the information from ODF, MS Office, PDF/EPS/PS files, cross the information found with artificial intelligence rules and fingerprint big amount of info about the network structure, matching IP address with internal server names, printers, shared folders, ACLs...and to show how it can effectively be used by security consultants who traditionally could only offer source code fixes.


Presenters:

  • José Palazón "Palako" - Yahoo!   as Jose Palazon "Palako"
    Jose Palazon (Palako) is responsible for Mobile security worldwide at Yahoo!. He is 8+ years experienced in security advisory and training, covering private companies, government and academics in both areas. His areas of expertise include mobile, web and unix systems security as well as digital forensics.
  • Chema Alonso - MVP Enterprise Security, CTO Inform·tica64
    Chema Alonso is a Computer Engineer by the Rey Juan Carlos University and System Engineer by the PolitÈcnica University of Madrid. He has been working as security consultant last six years and had been awarded as Microsoft Most Valuable Professional since 2005 to present time. He is a Microsoft frequent speaker in Security Conferences. He writes monthly in several Spanish Technical Magazines. He is currently working on his PhD thesis about Blind Techniques. Recently spoke in BH Europe 2008 about LDAP Injection & Blind LDAP Injection attacks, in Defcon 16 about Time-Based Blind SQL Injection using heavy Queries, in Toorcon X about RFD (Remote File Downloading), in DeepSec 2k8 in Austria. Recently has been selected to be presenting in HackCon#4 in Norway, in SchmooCon 2k9 in Washington DC and in Black Hat Europe 2009.

Links:

Similar Presentations: