You are leaking metadata! Asbjrn Reglund.com Thorsen 10.06.2016 - - PowerPoint PPT Presentation

▶

Jun 13, 2023 27 likes •338 views

hEp://www.observeit.com/blog/throw-back-hack-the-infamous-aol-data-leak You are leaking metadata! Asbjrn Reglund.com Thorsen 10.06.2016 EUNIS, Thessaloniki About me Work as head of group at FSAT in Norway PenetraQon tester since 2008

SLIDE 1

You are leaking metadata!

Asbjørn Reglund.com Thorsen 10.06.2016 EUNIS, Thessaloniki

hEp://www.observeit.com/blog/throw-back-hack-the-infamous-aol-data-leak

SLIDE 2

About me

Work as head of group at FSAT in Norway
PenetraQon tester since 2008
Background in programming
Security enthusiast

hEp://reglund.ninja/

SLIDE 3

Goal of this talk

Make you aware of metadata
Show what a hacker can use metadata for
Make you check your own metadata
Maybe aVer this talk you will change your

rouQnes regarding washing documents of metadata?

hEp://www.referenceforbusiness.com/management/Ex-Gov/Goals-and-Goal-SeYng.html

SLIDE 4

What is metadata?

Data about data
Greek: meta- (μετά-) meaning "aVer", or

"beyond")

SLIDE 5

SLIDE 6

Why metadata maEers

They know you rang a phone sex service at 2:24

am and spoke for 18 minutes. But they don’t know what you talked about

They know you called the suicide prevenQon

hotline from Golden Gate Bridge. But the topic

f the call remains a secret.
They know you spoke with an HIV tesQng

service, then your doctor, then your health insurance company in the same hour. But they don’t know what was discussed.

Source: 30C3 Electronic FronQer FoundaQon

SLIDE 7

Metadata findings

Usernames
Mail addresses
Passwords
Printers
SoVware versions
GPS coordinates
Dates
Author
Camera type
RotaQon
Computer names
And much more..

hEps://hubslide.com/chema-alonso/defcon-21-fear-the-evil-foca-mitm-aEacks-using-ipv6-s56d4bd2f8d070ead0e63bd79.html

SLIDE 8

We know where you are!

In a new tab, log in to your gmail account
hEps://maps.google.com/locaQonhistory/b/1/

hEp://www.bbc.com/news/blogs-news-from-elsewhere-30414032

SLIDE 9

SLIDE 10

SLIDE 11

SLIDE 12

SLIDE 13

QuesQon…..

SLIDE 14

SLIDE 15

exiVool -gpsposiQon where_is_this.jpg

SLIDE 16

SLIDE 17

Μεταδεδομένα

Normally in all electronic files
Try to google yourself
Quick demo

SLIDE 18

A ficQve scenario

Interpol contacted Mr. H. Acker
Prevent a killing
AVer the hunt for S. Niper for 2 years
Intelligence reveals a strange message in an

internet forum

SLIDE 19

Forum message

UGxhY2U6IFRoZXNzYWxvbmlraQ0KSG90ZWwgYm9va2VkOiBFbG VjdHJhIFBhbGFjZQ0KUm9vbTogMTMzNw0KVGFyZ2V0OiBodHR wOi8vZm9say51aW8ubm8vYXNiam9ybnQvd2VpcmRfdGV4dA0K VGltZTogOCBKdW5lIGF0IDEyLjAwDQpXaGVyZTogVEJE

SLIDE 20

Results aVer decoding

Place: Thessaloniki
Hotel booked: Electra Palace
Room: 1337
Target: hEp://folk.uio.no/asbjornt/weird_text
Time: 10 June at 11.20
Where: TBD

SLIDE 21

Catching the Sniper

The Greek Police stormed room 1337
Sniper escaped nearly without a trace
The room was totally empty but for one thing

SLIDE 22

SLIDE 23

Analyzing the memory sQck

Would you put this usb sQck into your laptop?

– Why? – Why not?

SLIDE 24

Lets look at the files on the memory sQck..

SLIDE 25

SLIDE 26

hEps://memegenerator.net/instance/57305385

SLIDE 27

Interpol: GOT HIM!

SLIDE 28

Sum up

Interpol found a strange forum post
We used some techniques to drill down to the

metadata

S. Niper did not think about the metadata
We did!
Google! Bing!

SLIDE 29

ExiVool free and relaQvely simple

exiVool -all:all

=> read all the tags.

exiVool -all:all=

=> remove all the tags

Lots of other tools
Foca (Chema Alonso)
hEp://metadatascrubbing.blogspot.gr/

hEp://www.giantbomb.com/forums/off-topic-31/are-thumbs-ups-lame-434157/

SLIDE 30

Slides or Hacked Your choice ;-) Thank you for your aEenQon!

SLIDE 31

Contact info

Mail: asbjornt@fsat.no
TwiEer: @fuzzerman
Security blog: h.ps://Reglund.com
Linkedin:

h.ps://no.linkedin.com/in/reglund/ QuesQons?

23/06/16 Asbjørn Reglund Thorsen <asbjornt@fsat.no> TwiEer: @fuzzerman

hEp://launchany.com/10-quesQons-your-api-document-must-answer/