
Search for Credit Card numbers in Address Book/Contact data using EWS

Information security and data breaches are a hot topic at the moment; there seems to be a constant stream of data breaches and vulnerabilities in various products being exploited every day. One topic that was brought up in the last few weeks has been Address Book data https://www.wired.com/2016/09/people-please-dont-store-private-data-address-book/ . Address books can be the proverbial open window on the house with bars on the door, and probably not something that is commonly thought about.

If you want to detect whether people are using the Address Book to store confidential information, it can be a challenge because this data isn't searchable via a normal eDiscovery-type search. But this is where a scripted enumeration and filtering approach can do the job.

I posted a Contacts PowerShell module that consolidated a number of EWS contacts functions into one script last year, so for this post I've extended it to include a search that enumerates all the contacts in a mailbox's Contacts folder and looks for credit card numbers and Social Security numbers stored in any of the phone number properties and email address properties. The script I've posted does some filtering to separate out the part of the email address before the @ to test, so for example if somebody enters 12345678@fakedomain it will separate out 12345678 to test.

Searching for Credit Card Numbers

To search for credit card numbers you basically need two parts. The first is the Luhn algorithm, a modulus 10 algorithm that can validate whether a number sequence is a well-formed credit card number. Then you run a number of regex patterns to determine the type of card and who issued it. The good thing is there are plenty of libraries up on GitHub that already do this, so there is no need to write any code for it. The one I decided to use was https://github.com/gustavofrizzo/CreditCardValidator

Searching for Social Security Numbers (or your own custom RegEx)

To search for SSNs I've used the Google Braintrust regex of

$SSN_Regex = "^(?!000)([0-6]\d{2}|7([0-6]\d|7[012]))([ -]?)(?!00)\d\d\3(?!0000)\d{4}$"

I've posted the script for this at https://github.com/gscales/Powershell-Scripts/blob/master/EWSContacts/EWSContactFunctions.ps1 . I've also put up a compiled version of the credit card validation library I used, which needs to be in the same directory as the module, here: https://github.com/gscales/Powershell-Scripts/raw/master/EWSContacts/CreditCardValidator.dll

To run the script, use something like the following to produce a report of any hits in a mailbox. Note that because of the regexes used for the SSN and the fact that phone numbers can easily look like valid credit card numbers, this script can produce a number of false positives.

Search-ContactsForCCNumbers -MailboxName mailbox@domain.com | Export-Csv -NoTypeInformation -Path c:\temp\CCrep.csv
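
The two checks described above, and the false-positive problem, as an added example that is not taken from EWSContactFunctions.ps1 or the CreditCardValidator library. A hand-written Luhn test stands in for the library; the function names Test-Luhn and Test-ContactValue and all sample values are constructed for illustration.

```powershell
# Added example: not the module's own code. Names and sample values are assumptions.
$SSN_Regex = '^(?!000)([0-6]\d{2}|7([0-6]\d|7[012]))([ -]?)(?!00)\d\d\3(?!0000)\d{4}$'

function Test-Luhn {
    param([string]$Digits)
    # Luhn (mod 10): walking from the right, double every second digit,
    # subtract 9 from any result above 9, and require the total to end in 0.
    $sum = 0
    $double = $false
    for ($i = $Digits.Length - 1; $i -ge 0; $i--) {
        $d = [int][string]$Digits[$i]
        if ($double) { $d *= 2; if ($d -gt 9) { $d -= 9 } }
        $sum += $d
        $double = -not $double
    }
    return ($sum % 10) -eq 0
}

function Test-ContactValue {
    param([string]$Value)
    # For address-style values, test only the part before the @.
    $candidate = ($Value -split '@')[0].Trim()
    $hits = @()
    if ($candidate -match $SSN_Regex) { $hits += 'SSN pattern' }
    # Strip spaces and dashes, then require a plausible card length (13-19 digits).
    $digits = $candidate -replace '[\s-]', ''
    if ($digits -match '^\d{13,19}$' -and (Test-Luhn $digits)) { $hits += 'Luhn-valid number' }
    [pscustomobject]@{ Value = $Value; Tested = $candidate; Hits = ($hits -join ', ') }
}

# Constructed sample values, as they might appear in phone or email properties.
$samples = @(
    '4111 1111 1111 1111',          # widely published card test number
    '4111111111111111@fakedomain',  # same digits placed in an email address field
    '078-05-1120',                  # SSN-shaped value
    '+1 (555) 010-0199',            # phone number with punctuation
    '0044 20 7946 0956'             # phone number whose digits happen to satisfy Luhn
)
$samples | ForEach-Object { Test-ContactValue $_ } | Format-Table -AutoSize
```

The last sample is an ordinary-looking phone number that is still reported as Luhn-valid, which is why every hit in the report needs manual review.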