• Watch
  • Listen
  • Live Stream
Security Weekly
Security Market Validation
  • Listeners
    • Subscribe
    • Insider List
    • Suggest a Guest
  • Shows
    • Paul’s Security Weekly
    • Enterprise Security Weekly
    • Business Security Weekly
    • Application Security Weekly
    • Security & Compliance Weekly
    • Security Weekly News
    • Tradecraft Security Weekly
    • Secure Digital Life
  • Series
    • CISO Stories
    • Getting the Real Work Done in Cybersecurity
  • Webcasts/Trainings
    • Registration
    • On-demand
  • Articles
  • Partners
    • Become a Partner
    • Landing Pages
  • Hosts
  • Company
    • About
    • Careers
    • Contact

Articles

GCIH Gold Paper

Larry Pesce December 26, 2008

Well, it has been some time since it happened but I passed my GCIH Gold paper! Some readers may already know this already, but figured I’d at least throw out the lowdown.
Read the whole paper here.
I entitled the paper “Document Metadata, the Silent Killer…”. Ultimately the paper covers some traditional metadata found in jpeg images, Office documents, PDFs, and a few other interesting places. I talk at length about how to analyze, gather information and make reasonable assumptions about client/network/user configuration and possible attack vectors based on the information from metadata.
sm-farthog.jpgThis information can be beneficial to a penetration tester, as wall as an attacker. In the “perfect storm” we can take the information gathered to be able to deliver a spear fishing type of attack, with a high amount of confidence that the attack will be successful.
The paper also delves into some methods for limiting initial exposure, as well as how to prevent some of the exposure to begin with. I also talk about organizational policy, and some methods on how to introduce separation of duties to prevent accidental exposure.
The paper is fairly lengthy with quite a few examples. Through the course of the paper, I was actually instructed that the paper was too long, and covered too much. I’m of the opinion that it should be done right, so the original content stayed.
So, now you know why much of my technical content lately has been on metadata! Certainly the paper only covers the tip of the iceberg for metadata contents and file formats, but one has to start somewhere. Over the next few weeks the podcast and here on blog I’ll be covering some more metadata sanitization.
If you have any feedback, comments or sugestions, don’t hesitate to drop me a note at larry /at/ securityweekly.com
– L

Share this:

  • Click to share on Twitter (Opens in new window)
  • Click to share on LinkedIn (Opens in new window)
  • Click to share on Facebook (Opens in new window)

Related Posts

uptrend line arrows with bar chart in stock market on blue color background

Articles /

Ransomware Damage Claims Driving Insurance Hikes

web-application-firewall-comparison-696x423

Articles /

Building a More Secure AppDev Process

apptitude-test

Articles /

Diversifying Cybersecurity Talent Through Aptitude Testing

‹ Banner Grabbing with Nmap: Reloaded › SANS Wireless Ethical Hacking, Penetration Testing and Defenses (SANS 617)

About Security Weekly

Security Weekly is the security podcast network for the security community, distributing free podcasts and media since 2005. We connect the security industry and the security community through our security market validation programs.

More Than Just A Sponsor

We view our relationships with the security industry as partnerships, not sponsorships. Security Weekly works closely with each partner to help you achieve your marketing goals and gain traction in the security market. Interested in becoming a partner? Please visit our partnerships page.

Back to Top

Subscribe To The Blog:

RSS feed RSS - Posts

Search

Latest Tweets

Tweets by @secweekly
© Security Weekly 2022
Powered by WordPress • Themify WordPress Themes