PaulDotCom mailing list archives

Taking a leak on the wire

From: Adrian Crenshaw <irongeek () irongeek com>
Date: Sun, 17 Oct 2010 22:30:19 -0400

I’m working on a presentation, and need a little help. I’m trying to come up
with little things “Pro Bono Pentesters” forget about that may lead to their
identity being discovered, tie them to an event, or at least reduce the
“anonymity set” they are in.

Mac Address left in logs
Browser tabs that automatically open that may give info about them (for
example, if I have my tabs auto open to my site, my webmail, etc)
Network scans that are done that automatically use the credentials of the
logged in  user
Host name/NetBIOs info that makes it obvious who it is
Last DHCP lease renew (example, the IDS on a network notice that particular
host requested a renew for a specific IP, and using that IP they can figure
out the last network the person was on. Need more details how this workd)

Other ideas?

Thanks,
Adrian

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

Current thread:

Taking a leak on the wire Adrian Crenshaw (Oct 18)
- Re: Taking a leak on the wire d4ncingd4n (Oct 19)
- Re: Taking a leak on the wire Bill Swearingen (Oct 19)
- Re: Taking a leak on the wire Jim Halfpenny (Oct 19)
- Re: Taking a leak on the wire Michael Dickey (Oct 19)