Internal Leaks

Most employees who create and edit documents and are not familiar with IT security may not know which data will be published even under certain conditions. They are cautious about what they write in the document. Still, they don't know that it is not always necessary to write sensitive data in the documents, whether it contains information about the company's working environment.

Almost all websites have their own images, files, documents, and notes which they make available to the visitors. In most cases, these were created or at least edited on computers. Whenever files are modified, so-called metadata is written to the resulting files. These often contain the name of the application that was used for it and sometimes its version. Even some operating systems write their own metadata into these files.

For a regular user, this data is irrelevant. Still, it gives us an excellent insight into the employees' working environment and the software they are using along with the versions.

One of the most effective and most comfortable to use tools is Exiftool. On the website of our target company, we could find some reports which are available for download. We can take advantage of them, download them, and examine these reports to determine if specific metadata has been added to the files.

PreviousIntelligence NextIntroduction

Last updated 5 months ago