Embedded files

Lumension vendor visited the office. During their presentation, they mentioned whitelisting and blacklisting files to tackle data leakage. I inquired if the Lumension agent was able to detect blacklisted files (eg. executables, audio) embedded inside whitelisted files (Office documents). The vendor couldn't answer my question.
That piqued my curiosity. I embedded the same PDF file inside a Word doc twice by manually copying and pasting it into the doc as well as inserting it as an object. Firing up my trusty Hex editor, I was only able to find the magic bytes (ie. ASCII "%PDF" or hex values "25 50 44 46") for the PDF file that was embedded using the insert object method. I was not able to detect the embedded PDF file that was manually copied.

This is an interesting loophole from a hacker and forensics perspective.
at No comments:
Labels: , , , ,

Network forensics puzzle #5

Puzzle #5 is out. I'm going to get started on figuring it out.
at No comments:
Labels: ,
Subscribe to: Posts (Atom)

VMware Workstation Pro is now free for personal use!!!

VMware Workstation Pro is now free for personal use!!!  However, it was not straight forward to install on Ubuntu as I encountered error mes...

  • "An error occured in avast! engine: Invalid argument"
    This annoying message popped up after I ran the update in avast! in Ubuntu yesterday. avast! crashes every time I attempt to launch it after...
  • Encrypted mails
    I decided to install a digital certificate for my Gmail account. This is simple and free to set up. Apply for a free certificate from Comod...