Defcon 17 Tactical Fingerprinting using Foca

60 %
40 %
Information about Defcon 17 Tactical Fingerprinting using Foca

Published on August 3, 2009

Author: chemai64



Talk delivered by Chema Alonso and José Palazón "Palako" in Defcon 17 about "Tactical Fingerprinting using metadata, hidden info and lost data".

Chema Alonso, José Palazón “Palako” Tactical Fingerprinting using metadata, hidden info and lost data using FOCA

2003 – a piece of history Irak war was about to start US wanted the UK to be an ally. US sent a document “proving” the existence of massive destruction weapons Tony Blair presented the document to the UK parliament. Parliament asked Tony Blair “Has someone modified the document?” He answered: No

2003 – MS Word bytes Tony Blair

What kind of data can be found? Metadata: Information stored to give information about the document. For example: Creator, Organization, etc.. Hidden information: Information internally stored by programs and not editable. For example: Template paths, Printers, db structure, etc… Lost data: Information which is in documents due to human mistakes or negligence, because it was not intended to be there. For example: Links to internal servers, data hidden by format, etc…

Metadata Metadata Lifecycle Wrongmanagement Badformatconversion Unsecureoptions Wrongmanagement Badformatconversion Unsecureoptions New apps orprogram versions Searchengines Spiders Databases Embedded files Hiddeninfo Lost Data Embedded files

Metadatacreatedby Google

Lost Data

Lost data everywhere

Public server

So… are people aware of this? The answer is NO. Almost nobody is cleaning documents. Companies publish thousands of documents without cleaning them before with: Metadata. Hidden Info. Lost data.

Sample: Total: 4841 files

Are theyclean? Total: 1075 files

Howmany files is my companypublishing?

Sample: Printer info found in odf files returned by Google

Google Sets prediction

Sample: Info found in a PDF file

What files store Metadata, hidden info or lost data? Office documents: Open Office documents. MS Office documents. PDF Documents. XMP. EPS Documents. Graphic documents. EXIFF. XMP. And almost everything….

Pictureswith GPS info.. EXIFREADER

Demo: Lookingfor EXIF information in ODF file

Even Videos withusers…

And of course, printedtxt

What can be found? Users: Creators. Modifiers . Users in paths. C:Documents and settingsjfoomyfile /home/johnnyf Operating systems. Printers. Local and remote. Paths. Local and remote. Network info. Shared Printers. Shared Folders. ACLS. Internal Servers. NetBIOS Name. Domain Name. IP Address. Database structures. Table names. Colum names. Devices info. Mobiles. Photo cameras. Private Info. Personal data. History of use. Software versions.

How can metadata be extracted? Info is in the file in raw format: Binary. ASCII . Therefore Hex or ASCII editors can be used: HexEdit. Notepad++. Bintext Special tools can be used: Exifredaer ExifTool Libextractor. Metagoofil. … …or just open the file!

Tools: Libextractor

Tools: MetaGoofil

Add a comment

Related presentations

Presentación que realice en el Evento Nacional de Gobierno Abierto, realizado los ...

In this presentation we will describe our experience developing with a highly dyna...

Presentation to the LITA Forum 7th November 2014 Albuquerque, NM

Un recorrido por los cambios que nos generará el wearabletech en el futuro

Um paralelo entre as novidades & mercado em Wearable Computing e Tecnologias Assis...

Microsoft finally joins the smartwatch and fitness tracker game by introducing the...

Related pages

DEFCON 17 - Tactical Fingerprinting Using Metadata Hidden ...

... Palako at Defcon 17 about Tactical Fingerprinting using metadada, hidden info and lost data with FOCA ... Fingerprinting Using Metadata ...
Read more

Tactical Fingerprinting Using Metadata, Hidden Info And ...

Tactical Fingerprinting Using Metadata, Hidden Info And Lost Data (Defcon 17) ... This session will show you how to use FOCA tool to collect the files, ...
Read more

DEFCON® 17 Hacking Conference: Speakers

Tactical Fingerprinting Using Metadata, ... This session will show you how to use FOCA tool to ... Welcome to Defcon 17 with Dark Tangent and the Making ...
Read more

Foca | LinkedIn

Defcon 17 Tactical Fingerprinting using Foca. 8,289 Views. chemai64. Defcon 18: FOCA 2. 8,594 Views. ... Join LinkedIn groups about Foca 17 groups on LinkedIn.
Read more

Defcon | LinkedIn

Defcon 17 Tactical Fingerprinting using Foca. 8,240 Views. nickgsuperstar. New techniques in sql obfuscation, from DEFCON 20. 4,199 Views. chemai64. Defcon ...
Read more

Security-Shell: FOCA 0.9 Released -

See also Defcon 17 Tactical Fingerprinting using Foca. by d3v1l at 8:38 PM. Email This BlogThis! Share to Twitter Share to Facebook Share to Pinterest.
Read more

[Download] FOCA : Extracting website Meta data : Home

[Download] FOCA : Extracting website Meta data. ... DEFCON 18: FOCA2: The FOCA Strikes Back 1/3. ... DEFCON 17: Tactical Fingerprinting Using Metadata, ...
Read more

Tactical Fingerprinting Using Metadata, Hidden Info and ...

Tactical Fingerprinting Using Metadata, ... Subject: Metadata Keywords: Metadata,Defcon, DEF CON, ... Exploit, Defcon 17, Lost Data, Hidden Info, ...
Read more