FOCA (Fingerprinting Organizations with Collected Archives)FOCA is a tool used mainly to find metadata and hidden information in the documents it scans. These documents may be on web pages, and can be downloaded and analysed with FOCA. It is capable of analysing a wide variety of documents, with the most common being Microsoft Office, […]
FATT is a script for extracting network metadata and fingerprints such as JA3 and HASSH from packet capture files (pcap) or live network traffic. The main use-case is for monitoring honeypots, but you can also use it for other use cases such as network forensic analysis. fatt works on Linux, macOS and Windows. Note […]
Pymeta will search the web for files on a domain to download and extract metadata. This technique can be used to identify: domains, usernames, software/version numbers and naming conventions. Pymeta is a Python3 rewrite of the tool PowerMeta, created by dafthack in PowerShell. It uses specially crafted search queries to identify and download the following […]
A script for extracting network metadata and fingerprints such as JA3 and HASSH from packet capture files (pcap) or live network traffic. The main use-case is for monitoring honeypots, but you can also use it for other use cases such as network forensic analysis. fatt works on Linux, macOS and Windows. Note that fatt uses […]
A vulnerability that was detected in the web version of Google Photos could be used by hackers to retrieve image metadata. ZDNet reports, “Google has patched a bug in its Photos service that could have allowed a malicious threat actor to infer geo-location details about images a user was storing in their Google Photos account.” […]
“We kill people based on metadata,” said Michael Hayden, former NSA and CIA director, in 2014. But what is it and why should you care about it? Although it was coined in the 60’s, experts in digital forensics believe that the term “metadata” became public domain until the 21st century, due to the leaks of […]
Messaging apps are now becoming more and more secure to make it difficult or rather impossible for anyone to access your conversations. Switching to end-to-end encryption although offered a stronger layer of protection but still the unencrypted metadata like sender/receiver information, message sending time, etc., wasn’t secured enough and could be exploited by an attacker. […]
Metadata-Attacker or a set of cross-site scripting vectors to test any webservice against possible XSS vulnerabilities when displaying unfiltered meta datWith this small suite of open source pentesting tools you’re able to create an image (.jpg), audio (.mp3) or video (.mp4) file containing your custoa. Installation / Usage First install docker on your host system. […]
The new Annual Statistical Transparency report published by the Office of The Director of National Intelligence (ODNI) gives the highlights of NSA’s surveillance campaigns. In 2017, the agency sourced the metadata of over 530 million call records related to targets. That’s more than three times than the data collected in 2016, i.e., 151 million. The metadata […]
Metadata from web traffic generated by smart devices installed in a home can reveal quite a lot of information about the owner’s habits and lifestyle. According to research published this month by experts from Princeton University, a determined attacker with “capabilities similar to those of an ISP” can use passive network monitoring techniques to collect […]
Every organization is producing files on a daily basis with content that is approved for publishing. There’s a catch to that: You as a company are in fact publishing more data than you think. Every time a document is created, software that was used to create that document inserts their so called metadata which can […]
I recently worked on a small toy project to execute untrusted Python code in Docker containers. This lead me to test several online code execution engines to see how they reacted to various attacks. While doing so, I found several interesting vulnerabilities in the code execution engine developed by Qualified, which is quite widely used including by […]
A report published in the Conservation Biology magazine cites several incidents gathered from all over the world in the past years, where technologies introduced to simplify the work of animal protection groups and state authorities have been hijacked or turned against the animals they were meant to protect. In most of these incidents, at the […]
Two researchers have analyzed images Exif metadata included in the photos used by crooks to advertise their products on black marketplaces in the dark web. Darknets are a privileged environment for crooks that intend to develop a prolific business protecting their anonymity, anyway, there are several aspects that they need to consider in order to […]
Ricochet is the most secure encrypted anonymous messenger that sends no metadata. The security experts have approved a new internet messaging tool that bypasses the federal government’s metadata collection system to help human rights activists and journalists protect whistleblowers. Called the Ricochet, this software has been in development for around two years. However, following a […]
Short Bytes: 1Password, a password manager feature has been found to leak traces of the user account’s metadata which could be exploited by the attackers. However, only the older accounts using Agile Keychain format are vulnerable. Storing all your passwords and sensitive information in a single vault appears to be a good option, but what […]