Embedded files

Lumension vendor visited the office. During their presentation, they mentioned whitelisting and blacklisting files to tackle data leakage. I inquired if the Lumension agent was able to detect blacklisted files (eg. executables, audio) embedded inside whitelisted files (Office documents). The vendor couldn't answer my question.
That piqued my curiosity. I embedded the same PDF file inside a Word doc twice by manually copying and pasting it into the doc as well as inserting it as an object. Firing up my trusty Hex editor, I was only able to find the magic bytes (ie. ASCII "%PDF" or hex values "25 50 44 46") for the PDF file that was embedded using the insert object method. I was not able to detect the embedded PDF file that was manually copied.

This is an interesting loophole from a hacker and forensics perspective.
at
Labels: , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

dnsaudit.py

 Since I was on a roll with Copilot, I decided to automate DNSSEC auditing with the following Python script. import subprocess import sys im...

  • "An error occured in avast! engine: Invalid argument"
    This annoying message popped up after I ran the update in avast! in Ubuntu yesterday. avast! crashes every time I attempt to launch it after...
  • Encrypted mails
    I decided to install a digital certificate for my Gmail account. This is simple and free to set up. Apply for a free certificate from Comod...