Note the selection menu Quick Parts on the right side of that screenshot. You will notice in the screenshot above that the tab Insert was selected. We will begin with a simple empty Word document.
#Tracking in word document how to#
For an added bonus the image insertion does not require any special privileges or macros to make the call.įor this demonstration I will show how to add the remote URL image using a Word document. Utilizing Apache logs we can find out when this document is opened. Requiring the Microsoft Office application to reach out to the specified URL every time the document is opened. Microsoft Office documents give us the ability to insert images into the page that will not be stored inside the actual file. With log file analysis, long data evaluation or using appropriate analytical tools, this data can be used for different purposes, for example re-targeting. With a tracking pixel, advertisers can acquire data for online marketing, web analysis or email marketing.
![tracking in word document tracking in word document](https://www.templatesfront.com/wp-content/uploads/2019/11/Sales-lead-tracker-3011.jpg)
Utilizing a method often employed by emails and/or targeted advertisements, by embedding a small pixel that will call back to a remote web server which will allow the testing engineer to troubleshoot connection issues.Ī tracking pixel (also called 1x1 pixel or pixel tag) is a graphic with dimensions of 1x1 pixels that is loaded when a user visits a website or opens an email, and is used to track certain user activities.
![tracking in word document tracking in word document](https://projectanalysis.net/wp-content/uploads/2020/12/Document-Tracking-FB-2.jpg)
This is why I have performed research and come up with a way to determine if the user is even opening the document. Whether these documents are delivered via email or by USB drop it can be uncertain if the targeted victim is actually opening the document or antivirus or other technological hurdles are blocking the reverse shell from returning to you. Many social engineering campaigns rely heavily upon weaponizing Microsoft Office documents with malicious macros or embedded scripting languages that allow for payloads to create remote access to the victim's machine.