BSidesCharm 2022 - Call the Plumber: Your Documents are Leaking - Nick Ascoli

For most organizations, posting brochures, contract templates, whitepapers, and various forms of marketing collateral online is a standard practice. And for most threat actors, this can surreptitiously provide a wealth of information about the organization they are targeting. In this talk, we will examine why cyber criminals benefit from the public sharing of organizational documents, how they make use of the metadata contained in the documents, how misconfigurations and lack of user awareness can lead to data leaks, and propose practical / open source methodologies organizations can employ to protect themselves. Nick Ascoli (@kcin418) Nick Ascoli is the founder and CEO of Foretrace, an External Attack Surface Management (EASM) solution. Prior to starting Foretrace, Nick was a Cyber Research Scientist and Consultant with Security Risk Advisors and has published several open-source tools including pdblaster and TALR. Nick has been a speaker at Blackhat Arsenal, SANS, and B-Sides conferences on SIEM and UEBA topics.