11
JoshBent
16d

I've noticed looking at the card exit of a building that most people a) just carry their laptop without putting it in the backpack because the carpark is a jump away anyway, b) that stickers on said laptops can leak your infrastructure

No idea what made me interested in that, but if you take the average of people's laptop stickers (sadly not everybody had their laptop or maybe even a laptop at all, so I've got just 20) - you could probably tell what tools and what services the company is running.

Could be a funny coincidence and I was able to verify later by googling their company, but it's an interesting non trackable way to know what services and tools need to be exploited/emulated to possibly gain access to some high security network.

I feel like somebody had to have a talk/presentation about this, so I wonder, had anybody else seen something like that? or how far could this actually go?

Comments
  • 3
    @Linuxxx @PerfectAsshole you two for sure should have seen something if it was e.g. a black hat talk, I couldn't find anything similar to this yet
  • 5
    I haven't seen anything on it but just like you did by looking up the company to check their stack anybody else can also. So while stickers on laptops can be telling there's usually more reliable means for information gathering including looking for job offers(past and present) from the company
  • 5
    This doesn't work in environments where multiple companies are set up - you wouldn't know which sticker describes which company's stack. Unless you go read tags individually of course
  • 4
    @JoshBent Haven't found/seen anything about this yet but @PerfectAsshole is right :)
  • 3
    @PerfectAsshole @linuxxx fair point, wanted to mention the situation where there's no stack publicly available on their website, but then there's pretty much always still job offers. Oh well was a fun idea though haha

    @ananaszjoe that's indeed true too, though it's more rare to find multiple companies in just one building around here I believe, so it could be still a way to get that.
  • 0
    This has been brought up as a security issue in past. There were talks at defcon about it.
Your Job Suck?
Get a Better Job
Add Comment