Re: Taking a leak on the wire

[Jim Halfpenny <jim.halfpenny () gmail com>]

Hi,
Also consider all of the other 'chatty' protocols that send packets
across the network. mDNS/Bonjour for example, dynamic DNS updates and
of course all the windows services that regularly spew packets onto
the network. Applications with clear-text credentials like mail and IM
clients could also reveal the identity of the user. Other clear-text
identifiers like browser cookies may contain personally identifiable
content e.g. remember my username/email for login forms or may be
cross referenced with previous traffic.

Regards,
Jim

On 18 October 2010 03:30, Adrian Crenshaw <irongeek () irongeek com> wrote:
> I’m working on a presentation, and need a little help. I’m trying to come up
> with little things “Pro Bono Pentesters” forget about that may lead to their
> identity being discovered, tie them to an event, or at least reduce the
> “anonymity set” they are in.
>
> Mac Address left in logs
> Browser tabs that automatically open that may give info about them (for
> example, if I have my tabs auto open to my site, my webmail, etc)
> Network scans that are done that automatically use the credentials of the
> logged in  user
> Host name/NetBIOs info that makes it obvious who it is
> Last DHCP lease renew (example, the IDS on a network notice that particular
> host requested a renew for a specific IP, and using that IP they can figure
> out the last network the person was on. Need more details how this workd)
>
> Other ideas?
>
> Thanks,
> Adrian
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom () mail pauldotcom com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com