PaulDotCom mailing list archives
Re: Taking a leak on the wire
From: Jim Halfpenny <jim.halfpenny () gmail com>
Date: Tue, 19 Oct 2010 10:09:53 +0100
Hi, Also consider all of the other 'chatty' protocols that send packets across the network. mDNS/Bonjour for example, dynamic DNS updates and of course all the windows services that regularly spew packets onto the network. Applications with clear-text credentials like mail and IM clients could also reveal the identity of the user. Other clear-text identifiers like browser cookies may contain personally identifiable content e.g. remember my username/email for login forms or may be cross referenced with previous traffic. Regards, Jim On 18 October 2010 03:30, Adrian Crenshaw <irongeek () irongeek com> wrote:
I’m working on a presentation, and need a little help. I’m trying to come up with little things “Pro Bono Pentesters” forget about that may lead to their identity being discovered, tie them to an event, or at least reduce the “anonymity set” they are in. Mac Address left in logs Browser tabs that automatically open that may give info about them (for example, if I have my tabs auto open to my site, my webmail, etc) Network scans that are done that automatically use the credentials of the logged in user Host name/NetBIOs info that makes it obvious who it is Last DHCP lease renew (example, the IDS on a network notice that particular host requested a renew for a specific IP, and using that IP they can figure out the last network the person was on. Need more details how this workd) Other ideas? Thanks, Adrian _______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
_______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
Current thread:
- Taking a leak on the wire Adrian Crenshaw (Oct 18)
- Re: Taking a leak on the wire d4ncingd4n (Oct 19)
- Re: Taking a leak on the wire Bill Swearingen (Oct 19)
- Re: Taking a leak on the wire Jim Halfpenny (Oct 19)
- Re: Taking a leak on the wire Michael Dickey (Oct 19)