I. Introduction
Typically, how do you choose your Username and set your PC name? Some people
use their real names, while others opt for a username generator, etc.
You may not have noticed, but usernames and PC names are often stored in files
created on your computer. When these files fall into the hands of someone with
malicious intent, this exposes you to attacks and can lead to a data breach.
The main sections in this article:
- Analyze the reasons why your Username and PC name may have been exposed.
- The risks encountered when someone obtains the two pieces of information:
  for regular users and for individuals such as red teamers.
- Recommendations for safe naming practices to mitigate risks and keep a low
  profile.
II. Detailed Analysis
1. The username and PC name will accompany almost all the files you create
What is Document Metadata?
Document metadata is data that provides information about other data within a
document. Think of it as data about the document itself, which can include
various details like:
- Title: The name of the document.
- Author: The person or entity who created the document.
- Creation Date: When the document was originally created.
- Modification Date: When the document was last modified.
- File Size: The size of the document.
- Keywords: Tags or terms associated with the content of the document.
- Software Used: The application or tool used to create or edit the document.
- Revision Number: The version of the document.
The information is not only present in the metadata of document files (such as
Word document metadata, PDF document metadata, etc.) but also in executable
files like EXE, DLL, LNK, and others.
2. Some examples of actual file metadata
You can view some basic metadata information of any file on Windows by:
- Open File Explorer: You can do this by pressing the Windows logo + E keys or
  by clicking on the File Explorer icon in the taskbar.
- Navigate to the File: Go to the location of the file you want to view.
- Right-Click the File: Right-click on the file to open the context menu.
- Select “Properties”: Click on “Properties” at the bottom of the context
  menu.
- Go to the “Details” Tab: In the Properties window, click on the “Details”
  tab.
- The “Details” tab will show you a wealth of information about the file.
A. PDF Document Metadata
I have a sample PDF file; first, we will check what information is available
in the “Details” tab.
Note that the fields from “Attributes” downward are automatically
displayed by Windows and are not actually part of the metadata.
At this point, the “Details” tab does not provide much information. To
obtain more, we need to use specialized parsers. I will try using a Python
script sourced from GitHub: pdfxplr
[Figure: PDF document metadata – More details]
There will be additional information that Windows Explorer does not display.
Based on this information, I can determine that a person with the username
“ZeroSalarium” created this PDF file using “Microsoft® Word 2016”. We will
temporarily disregard the time fields.
Thus, when I send this PDF file to someone, they will be able to see my
Windows username is ZeroSalarium and also know that I am using the software
Microsoft® Word 2016.
B. Word Document Metadata
Similarly, I have a DOCX file with the following details:
For files belonging to the Microsoft Office suite, Windows Explorer will
display quite comprehensive information.
Based on this information, I know that the sender will have a username of
either “John Doe” or “ZeroSalarium”.
C. Shortcut File Metadata
When sending compressed files, you often include shortcuts to the files as
well. These shortcuts carry quite a bit of detailed information about your
machine.
Using the tool lnk-parser, I will obtain information from a sample shortcut
file (LNK) as follows:
From this information, I can determine that the name of the machine used to
create the LNK file is “zerosalarium-pc”. Additionally, based on the MAC
address format, I know that this is a VMware virtual machine.
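The machine name and MAC address come from the shortcut's tracker data block: a 16-byte machine ID followed by GUIDs, where the file GUID is normally a time-based (version 1) UUID whose last six bytes are the MAC. The sketch below is an added example for checking your own shortcuts or triaging a sample, not code from lnk-parser or this article; the function names are hypothetical, the sample block is constructed, and the VMware prefix list is limited to the OUIs hard-coded in the block.

```python
import struct
import uuid

TRACKER_SIG = struct.pack("<I", 0xA0000003)    # TrackerDataBlock signature
# OUI prefixes registered to VMware (first three bytes of the MAC address)
VMWARE_OUIS = {"00:05:69", "00:0c:29", "00:1c:14", "00:50:56"}

def parse_tracker(lnk_bytes):
    """Return machine name and MAC from a shortcut's tracker block, or None."""
    pos = lnk_bytes.find(TRACKER_SIG)
    while pos != -1:
        start = pos - 4                        # BlockSize precedes the signature
        if start >= 0 and len(lnk_bytes) >= start + 0x60:
            size, _sig, length, _ver = struct.unpack_from("<IIII", lnk_bytes, start)
            if size == 0x60 and length == 0x58:
                break                          # header fields match a tracker block
        pos = lnk_bytes.find(TRACKER_SIG, pos + 1)
    else:
        return None                            # no tracker block in this buffer
    raw_name = lnk_bytes[start + 16:start + 32].split(b"\0", 1)[0]
    machine = raw_name.decode("ascii", "replace")
    # Droid = volume GUID followed by file GUID; the file GUID carries the MAC
    file_id = uuid.UUID(bytes_le=lnk_bytes[start + 48:start + 64])
    mac = None
    if file_id.version == 1:                   # only version 1 UUIDs embed a MAC
        node = "%012x" % file_id.node
        mac = ":".join(node[i:i + 2] for i in range(0, 12, 2))
    return {"machine": machine, "mac": mac,
            "vmware": mac is not None and mac[:8] in VMWARE_OUIS}

def make_sample():
    """Constructed tracker block after filler bytes (not a complete LNK file)."""
    file_id = uuid.uuid1(node=0x000C29ABCDEF).bytes_le   # made-up VMware-style MAC
    vol_id = b"\x11" * 16
    block = struct.pack("<IIII", 0x60, 0xA0000003, 0x58, 0)
    block += b"zerosalarium-pc".ljust(16, b"\0")
    block += vol_id + file_id + vol_id + file_id         # Droid, then DroidBirth
    return b"\0" * 76 + block
```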
3. Using metadata for both good and bad purposes
A. Hunting malware with OSINT digital footprint
OSINT stands for Open-Source Intelligence. It’s the process of collecting and
analyzing publicly available information to produce actionable intelligence.
By analyzing the data contained in the metadata of malware, analysts will use
this information to categorize, track, and create filters for searching or
alerting whenever malware appears.
Malware often contains metadata from the compiler, such as version
information, timestamps, and computer names. By examining these artifacts,
researchers can trace back to the specific compiler and potentially the
computer used to compile the malware. This information can be used to build
threat intelligence, linking different malware samples to the same
source.
A practical example is that researchers rely on the PDB paths found in the
collected files to filter out malware. You can learn more details through
this link
Another practical example is that researchers use information such as MAC
addresses and PC names found in LNK files to identify malicious files.
More info
B. The risks associated with others knowing your username and PC name
When a hacker knows your username or PC name, they can carefully craft emails
with detailed information to carry out spear phishing attacks against you.
More info
In a corporate environment scenario, when IT creates emails based on
usernames, hackers can use the information from usernames or PC names to guess
email addresses. They may then choose to launch spear phishing attacks or
conduct credential stuffing attacks.
Red teamers need to be cautious with usernames and computer names to avoid
detection and maintain operational security. Using regular, non-suspicious
names helps blend in with the target environment and reduces the risk of
raising red flags. It’s all about staying under the radar and not drawing
unnecessary attention.
4. How to choose a username and PC name to stay out of the spotlight
Do not use names generated by a username generator.
When using a username generator, it often creates special, unique names.
Relying on these names can make it very easy to identify you or be used for
spear phishing attacks.
Use usernames that are highly common. Don’t draw attention to yourself.
Some common Windows usernames include:
- Administrator
- User
- Owner
- Admin
- Guest
- John (or variations like JohnDoe)
- Jane (or variations like JaneDoe)
- Default
- Test
- Support
Commonly used PC names include:
- DESKTOP-XXXXXX (where XXXXXX is a random alphanumeric string)
- LAPTOP-XXXXXX
- USER-PC
- OWNER-PC
- WORKGROUP
- DESKTOP
- LAPTOP
- COMPUTER
- MY-PC
- HOME-PC
When your information is part of a very common dataset, it can be quite
difficult for hackers to locate your specific information within the vast
amount of data, even if they use OSINT (Open Source Intelligence) to assist in
their attack.
For red teamers, it’s advisable to use generic names that blend in with
typical corporate environments, such as “Workstation01” or “PC-02.”
Additionally, creating misleading names to mask your activities, like
“FinanceDeptPC” or “HR-Server,” can help obfuscate your presence and
intentions within the network.
III. Conclusions
Hackers can utilize OSINT digital footprints, such as Word document metadata,
PDF document metadata, and other file types, to conduct cyber attacks against
you. This metadata can reveal sensitive information, including the author’s
name, document creation date, and even the software used, which can be
leveraged to craft targeted attacks or gain unauthorized access to systems.
You should avoid using a username generator. While they can create unique and
complex usernames, they may not always align with your specific needs or the
context in which you are operating.
Using usernames and PC names that are common or widely used can help you live
under the radar of hackers. By blending in with typical naming conventions,
you reduce the likelihood of drawing attention to yourself, making it more
challenging for malicious actors to identify and target you specifically.
For red teamers, using common names will help you fly low within the network.
By adopting familiar naming conventions, you can avoid detection and blend in
with legitimate traffic, making it more difficult for defenders to identify
your activities as malicious.
Keeping a low profile will help you minimize potential attacks. This approach
aids in protecting your personal data and ensures that you stay safe on the
Internet. By avoiding unnecessary exposure and being cautious about the
information you share, you can significantly reduce the risk of becoming a
target for cyber threats.
You can follow my Twitter (X) to be notified when there are new posts: Two Seven One Three (@TwoSevenOneT)





