OPSEC Basic Awareness. Blend into the background


I. Introduction

Typically, how do you choose your Username and set your PC name? Some people use their real names, while others opt for a username generator, etc.

You may not have noticed, but usernames and PC names are often stored in files created on your computer. When these files fall into the hands of someone with malicious intent, it can pose potential risks of attacks and lead to a data breach.

The main sections in this article:

  • Analyze the reasons why your Username and PC name may have been exposed.
  • The risks encountered when someone obtains the two pieces of information: for regular users and for individuals such as red teamers.
  • Recommendations for safe naming practices to mitigate risks and keep a low profile.

II. Detailed Analysis

1. The username and PC name will accompany almost all the files you create

What is Document Metadata?

Document metadata is data that provides information about other data within a document. Think of it as data about the document itself, which can include various details like:

  • Title: The name of the document.
  • Author: The person or entity who created the document.
  • Creation Date: When the document was originally created.
  • Modification Date: When the document was last modified.
  • File Size: The size of the document.
  • Keywords: Tags or terms associated with the content of the document.
  • Software Used: The application or tool used to create or edit the document.
  • Revision Number: The version of the document.

The information is not only present in the metadata of document files (such as Word document metadata, PDF document metadata, etc.) but also in executable files like EXE, DLL, LNK, and others.

2. Some examples of actual file metadata

You can view some basic metadata information of any file on Windows by:

  1. Open File Explorer: You can do this by pressing the Windows logo + E keys or by clicking on the File Explorer icon in the taskbar.
  2. Navigate to the File: Go to the location of the file you want to view.
  3. Right-Click the File: Right-click on the file to open the context menu.
  4. Select "Properties": Click on "Properties" at the bottom of the context menu.
  5. Go to the "Details" Tab: In the Properties window, click on the "Details" tab.
  6. The "Details" tab will show you a wealth of information about the file.

A. PDF Document Metadata

I have a sample PDF file; first, we will check what information is available in the "Details" tab.

[Image: PDF document metadata]

Note that the fields from "Attributes" downward are automatically displayed by Windows and are not actually part of the metadata.

At this point, the "Details" tab does not provide much information. To obtain more, we need to use specialized parsers. I will try using a Python script sourced from GitHub: pdfxplr.

[Image: PDF document metadata - More details]

There will be additional information that Windows Explorer does not display. Based on this information, I can determine that a person with the username "ZeroSalarium" created this PDF file using "Microsoft® Word 2016". We will temporarily disregard the time fields.

Thus, when I send this PDF file to someone, they will be able to see my Windows username is ZeroSalarium and also know that I am using the software Microsoft® Word 2016.

B. Word Document Metadata 

Similarly, I have a DOCX file with the following details:

[Image: Word document metadata]

For files belonging to the Microsoft Office suite, Windows Explorer will display quite comprehensive information.

Based on this information, I know that the sender will have a username of either "John Doe" or "ZeroSalarium".

C. Shortcut File Metadata

When sending compressed files, you often include shortcuts to the files as well. These shortcuts carry quite a bit of detailed information about your machine.

Using the tool lnk-parser, I will obtain information from a sample shortcut file (LNK) as follows:

[Image: LNK metadata extract]

From this information, I can determine that the name of the machine used to create the LNK file is "zerosalarium-pc". Additionally, based on the MAC address format, I know that this is a VMware virtual machine.
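The machine name and MAC address come from the shortcut's tracker data block. The following added example (not part of the original article and not the lnk-parser tool's code) shows where those bytes sit, so you can audit your own shortcuts before sharing an archive. The function names, the sample bytes and the MAC value are constructed; only the machine name comes from the article.

```python
import struct
import uuid

# TrackerDataBlock starts with BlockSize 0x60 and BlockSignature 0xA0000003.
TRACKER_MAGIC = struct.pack("<II", 0x60, 0xA0000003)
VMWARE_OUIS = {"00:05:69", "00:0c:29", "00:1c:14", "00:50:56"}

def parse_tracker(lnk_bytes):
    """Return machine ID and embedded MAC from a shortcut, or None if absent.

    Simplification: scans for the block header instead of walking every
    LNK structure in order.
    """
    pos = lnk_bytes.find(TRACKER_MAGIC)
    if pos < 0 or len(lnk_bytes) < pos + 0x60:
        return None
    block = lnk_bytes[pos:pos + 0x60]
    # Bytes 16..32: NetBIOS machine name, NUL padded.
    machine = block[16:32].split(b"\x00", 1)[0].decode("ascii", "replace")
    # Bytes 48..64: file object ID. When it is a version 1 UUID, its node
    # field is the MAC address of a network adapter on that machine.
    file_id = uuid.UUID(bytes_le=block[48:64])
    mac = None
    if file_id.version == 1:
        raw = "%012x" % file_id.node
        mac = ":".join(raw[i:i + 2] for i in range(0, 12, 2))
    return {"machine_id": machine, "mac": mac,
            "vmware": bool(mac) and mac[:8] in VMWARE_OUIS}

def make_sample():
    """Constructed sample: blank 76-byte header followed by one tracker block."""
    file_id = uuid.UUID(fields=(0x12345678, 0x9ABC, 0x11EF, 0x80, 0x01, 0x000C29AABBCC))
    vol_id = uuid.UUID(int=0)
    block = struct.pack("<IIII16s", 0x60, 0xA0000003, 0x58, 0, b"zerosalarium-pc")
    block += (vol_id.bytes_le + file_id.bytes_le) * 2  # Droid, then DroidBirth
    return b"\x4c\x00\x00\x00" + b"\x00" * 72 + block + b"\x00" * 4

if __name__ == "__main__":
    print(parse_tracker(make_sample()))
```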

3. Using metadata for both good and bad purposes

A. Hunting malware with OSINT digital footprint

OSINT stands for Open-Source Intelligence. It's the process of collecting and analyzing publicly available information to produce actionable intelligence.

Analysts use the data contained in the metadata of malware to categorize, track, and create filters for searching or alerting whenever the malware appears.

Malware often contains metadata from the compiler, such as version information, timestamps, and computer names. By examining these artifacts, researchers can trace back to the specific compiler and potentially the computer used to compile the malware. This information can be used to build threat intelligence, linking different malware samples to the same source. 

A practical example is that researchers rely on the PDB paths found in the collected files to filter out malware. You can learn more details through this link

Another practical example is that researchers use information such as MAC addresses and PC names found in LNK files to identify malicious files. More info

B. The risks associated with others knowing your username and PC name

When a hacker knows your username or PC name, they can carefully craft emails with detailed information to carry out spear phishing attacks against you. More info

In a corporate environment scenario, when IT creates emails based on usernames, hackers can use the information from usernames or PC names to guess email addresses. They may then choose to launch spear phishing attacks or conduct credential stuffing attacks.

Red teamers need to be cautious with usernames and computer names to avoid detection and maintain operational security. Using regular, non-suspicious names helps blend in with the target environment and reduces the risk of raising red flags. It's all about staying under the radar and not drawing unnecessary attention.

4. How to choose a username and PC name to stay out of the spotlight

Do not use names generated from a username generator.

A username generator often creates special, unique names. Relying on these names can make it very easy to identify you, and the names can be used for spear phishing attacks.

Use usernames that are highly common. Don't draw attention to yourself.

Some common Windows usernames include:

  • Administrator
  • User
  • Owner
  • Admin
  • Guest
  • John (or variations like JohnDoe)
  • Jane (or variations like JaneDoe)
  • Default
  • Test
  • Support

Commonly used PC names include:

  • DESKTOP-XXXXXX (where XXXXXX is a random alphanumeric string)
  • LAPTOP-XXXXXX
  • USER-PC
  • OWNER-PC
  • WORKGROUP
  • DESKTOP
  • LAPTOP
  • COMPUTER
  • MY-PC
  • HOME-PC

When your information is part of a very common dataset, it can be quite difficult for hackers to locate your specific information within the vast amount of data, even if they use OSINT (Open Source Intelligence) to assist in their attack.

For red teamers, it's advisable to use generic names that blend in with typical corporate environments, such as "Workstation01" or "PC-02." Additionally, creating misleading names to mask your activities, like "FinanceDeptPC" or "HR-Server," can help obfuscate your presence and intentions within the network.

III. Conclusions

Hackers can utilize OSINT digital footprints, such as Word document metadata, PDF document metadata, and metadata from other file types, to conduct cyber attacks against you. This metadata can reveal sensitive information, including the author's name, document creation date, and even the software used, which can be leveraged to craft targeted attacks or gain unauthorized access to systems.

You should avoid using a username generator. While they can create unique and complex usernames, they may not always align with your specific needs or the context in which you are operating.

Using usernames and PC names that are common or widely used can help you live under the radar of hackers. By blending in with typical naming conventions, you reduce the likelihood of drawing attention to yourself, making it more challenging for malicious actors to identify and target you specifically.

For red teamers, using common names will help you fly low within the network. By adopting familiar naming conventions, you can avoid detection and blend in with legitimate traffic, making it more difficult for defenders to identify your activities as malicious.

Keeping a low profile will help you minimize potential attacks. This approach aids in protecting your personal data and ensures that you stay safe on the Internet. By avoiding unnecessary exposure and being cautious about the information you share, you can significantly reduce the risk of becoming a target for cyber threats.