@larsencyber
  • Home
  • About
  • Blog
  • Presentations
  • Knowledgebase
  • Contact
  • Chat to me on LinkedIn
Chat to me on LinkedIn
  • About Me
  • Blog
    • Black Hat USA 2024: From Doxing to Doorstep - Exposing Privacy Intrusion Techniques used by Hackers for Extortion
    • Black Hat USA 2024: Interviews with Extorters 'Ego' and 'Reiko'
    • Crabby's Credential Stuffing: Australian Account Takeovers in 2024
    • How to Rapidly Progress your Cyber Security Career
    • Preparing for the Offensive Security Certified Practitioner (OSCP) on a Budget
    • Study & Exam Guide for the Burp Suite Certified Practitioner (BSCP)
    • Bolstering Your Incident Response Capability Using Tabletop Exercises
    • Answering "How do I get my first role in Cyber Security?"
    • Performing Re-Entrancy Attacks on the Ethereum Blockchain
    • Building a Cyber Resilient Future
    • Twitter Hack: Lessons learned and why it could have been worse
    • How to pass the Certified Informations Systems Security Professional (CISSP) from scratch
  • Contact Me
  • Knowledgebase
    • External Penetration Test
      • 1. Enumeration
        • 1. Passive
          • Validate Scope Ownership
          • Open Source Intelligence
          • Web Technology
          • Subdomains
          • Breached Credentials
          • Build Usernames List
          • File Metadata
            • Exiftool
          • Typosquatting
          • Cloud Resources
          • Code Repos
        • 2. Active
          • Port Scanning
          • Directory Fuzzing
          • Login Portals
          • Username Enumeration
      • 2. Vulnerability Scanning
        • Nessus
      • 3. Attacking Login Portals
        • Active Directory
        • Other Logins
      • 4. Vulnerability Exploitation
      • 5. Post-Exploitation
        • Demonstrate Impact
        • Domain Join Device
        • Export Global Address List
    • Web App Penetration Test
      • 1. Enumeration
        • Network Layer Services
        • Application Layer Services
        • Application Functionality
      • 2. Web Attacks
        • Exploitation of Vulnerable Services
        • Broken Access Controls
        • Cross-Site Scripting (XSS)
        • Insecure File Upload
        • Cross Origin Resource Sharing (CORS)
        • CSV/XLSX Formula Injection
  • Presentations, Publications & Podcasts
    • Black Hat USA 2024: From Doxing to Doorstep (YouTube)
    • Cyber Crime Meets Real World Threats
    • How Hackers Use Emergency Data Requests to Steal User Data
    • Mega money, unfathomable violence pervade thriving underground doxxing scene
    • Inside the Dark World of Doxing for Profit
    • Black Hat USA 2024: From Doxing to Doorstep
    • Crabby's Credential Stuffing: Australian Account Takeovers in 2024
    • Catching up with Jacob, Penetration Testing Lead
    • Bolstering Your Incident Response Capability Using Tabletop Exercises
    • Cyber Security, Career Development, Networking, Leadership and GRC
    • Analysis of Real Cybercrime Operators
    • Performing Re-Entrancy Attacks on the Ethereum Blockchain
    • Building a Cyber Resilient Future
  • External Penetration Test
    • 1. Enumeration
      • 1. Passive
        • Validate Scope Ownership
        • Open Source Intelligence
        • Web Technology
        • Subdomains
        • Breached Credentials
        • Build Usernames List
        • File Metadata
        • Typosquatting
        • Cloud Resources
        • Code Repos
      • 2. Active
        • Port Scanning
        • Directory Fuzzing
        • Login Portals
        • Username Enumeration
    • 2. Vulnerability Scanning
      • Nessus
    • 3. Attacking Login Portals
      • Active Directory
      • Other Logins
    • 4. Vulnerability Exploitation
    • 5. Post-Exploitation
      • Demonstrate Impact
      • Domain Join Device
      • Export Global Address List
  • Web App Penetration Test
    • 1. Enumeration
      • Network Layer Services
      • Application Layer Services
      • Application Functionality
    • 2. Web Attacks
      • Exploitation of Vulnerable Services
      • Broken Access Controls
      • Cross-Site Scripting (XSS)
      • Insecure File Upload
      • Cross Origin Resource Sharing (CORS)
      • CSV/XLSX Formula Injection

On this page

  • Exiftool
Knowledgebase
External Penetration Test
1. Enumeration
1. Passive
File Metadata

File Metadata

Exiftool

We can check the file metadata to see if any sensitive information has been disclosed.

Sometimes the “author” tag will include the name of an individual we could use for further attacks later on.

Usage:

exiftool file.pdf
Last updated on Apr 28, 2024
← Build Usernames List
Typosquatting →

© 2025 Jacob Larsen.

Published with Hugo Blox Builder — the free, open source website builder that empowers creators.