The intelligence-gathering process can usually make or break a penetration test. With this in mind, it's easy to see how important it is not to overlook simple metadata forensics while testing. Forensic metadata extraction can help us reach beyond public-facing images or other files. For instance, if we have found a SQL injection or an LFI vulnerability and successfully leveraged it to read the general system message log, for example, /var/log/messages, we can use a simple regular expression to compile a statistical geolocation map of IP addresses that upload files to the web server. As previously stated, this data can then be used in a social engineering attack, and this is exactly what we will be learning ...
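The tallying step behind such a map, as an added example that is not code from the original text: a regular expression pulls IPv4 addresses out of upload events and counts them per source. The log layout, the UPLOAD marker and the sample lines are constructed assumptions; placing each address on a map would need a separate geolocation database, which is not shown.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed sample lines in a syslog-like layout (an assumption; real
# upload log formats differ per daemon). Addresses are documentation ranges.
SAMPLE_LOG = """\
Mar  3 10:01:12 web01 ftpd[411]: UPLOAD ok client=203.0.113.7 file=/srv/up/a.jpg
Mar  3 10:02:40 web01 ftpd[411]: UPLOAD ok client=198.51.100.23 file=/srv/up/b.png
Mar  3 10:03:05 web01 ftpd[412]: LOGIN ok client=203.0.113.7
Mar  3 10:04:51 web01 ftpd[413]: UPLOAD ok client=203.0.113.7 file=/srv/up/c.jpg
Mar  3 10:05:02 web01 ftpd[414]: UPLOAD ok client=10.0.0.15 file=/srv/up/d.pdf
Mar  3 10:06:33 web01 ftpd[415]: UPLOAD ok client=999.1.1.1 file=/srv/up/e.gif
Mar  3 10:07:19 web01 kernel: eth0: link up, version 1.2.3.4
"""

# Dotted quad not embedded in a longer number; octet range is checked later.
IPV4_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")
# Ranges that a geolocation database cannot place.
NON_ROUTABLE = [ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def upload_sources(log_text, marker="UPLOAD"):
    """Count upload events per routable IPv4 source address."""
    counts = Counter()
    for line in log_text.splitlines():
        if marker not in line:          # keep only upload events
            continue
        for candidate in IPV4_RE.findall(line):
            try:
                addr = ip_address(candidate)   # rejects octets > 255
            except ValueError:
                continue
            if any(addr in net for net in NON_ROUTABLE):
                continue                # private/loopback: nothing to geolocate
            counts[str(addr)] += 1
    return counts

if __name__ == "__main__":
    for ip, n in upload_sources(SAMPLE_LOG).most_common():
        print(f"{ip}\t{n}")
```

The same per-source tally is what a defender reviewing upload logs would look at, since a version string such as 1.2.3.4 or a malformed quad would otherwise pollute the counts.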