6.7 Cloud Security | Vicky's Page

Section 6.7 Cloud Security

As you study this section, answer the following questions:

What is cloud computing?
What are the most prominent cloud computing risks, threats, and attacks?
What is data exfiltration?
What are the most common methods of data exfiltration?

In this section, you will learn to:

Use Scout Suite to analyze cloud infrastructure
Analyze cloud vulnerability assessment output

The key terms for this section include:

Key Terms and Definitions

Key Terms and Definitions
Term	Definition
Cloud security	Keeping data and processes safe on the cloud is a responsibility of security administrators. Cloud service providers and clients should work together to design, create, publish, and operate cloud-based systems.
Cloud security considerations	Security considerations for a cloud service include rigorous security for data stored in the cloud, security management process integration into the operational process, symmetric and asymmetric cryptographic algorithms to optimize data security, a regularly monitored Quality of Service (QoS) process to verify adherence to the service level agreements between the cloud provider and the client, and a disaster recovery plan for the stored data.
Cloud security control layers	Cloud security control layers help establish barriers between cloud services and attackers. These include the application layer, information layer, management layer, network layer, trusted computing, computation and storage, and physical layer.
Cloud security tools	Tools specifically designed to test cloud security, such as Scout Suite, an open-source security auditing tool designed to give a point-in-time security-oriented view of the cloud account it runs in.

This section helps you prepare for the following certification exam objectives:

Exam	Objective
CompTIA CySA+ CS0-003	1.1 Explain the importance of system and network architecture concepts in security operations Network architecture Cloud 1.2 Given a scenario, analyze indicators of potentially malicious activity Host-related Data exfiltration 2.1 Given a scenario, implement vulnerability scanning methods and concepts Passive vs. active 2.2 Given a scenario, analyze output from vulnerability assessment tools Tools Cloud infrastructure assessment tools Scout Suite Pacu 2.5 Explain concepts related to vulnerability response, handling, and management Control types Managerial Operational Technical Detective Corrective
TestOut CyberDefense Pro	3.1 Implement security controls to mitigate risk Implement cloud security

Exam

Objective

CompTIA CySA+ CS0-003

1.1 Explain the importance of system and network architecture concepts in security operations

Network architecture
- Cloud

1.2 Given a scenario, analyze indicators of potentially malicious activity

Host-related
- Data exfiltration

2.1 Given a scenario, implement vulnerability scanning methods and concepts

Passive vs. active

2.2 Given a scenario, analyze output from vulnerability assessment tools

Tools
- Cloud infrastructure assessment tools
  - Scout Suite
  - Pacu

2.5 Explain concepts related to vulnerability response, handling, and management

Control types
- Managerial
- Operational
- Technical
- Detective
- Corrective

TestOut CyberDefense Pro

3.1 Implement security controls to mitigate risk

Implement cloud security

6.7.1 Cloud Security

Click one of the buttons to take you to that part of the video.

Cloud Security 00:00-00:21 As we move more and more processes to the cloud, we need to make sure that everything's protected from hackers. In this lesson, I'm going to look at some cloud security considerations we need to be aware of, the security concerns of each cloud model layer, and the tools we can use to test our cloud security.

Cloud Security Considerations 00:21-01:33 When you determine which cloud service provider to go with, there's a few things to consider. First and foremost is the trust between the provider and client. When you select a cloud provider, you're trusting that they'll be able to handle all requested processes and keep your data safe. If that trust isn't there, you probably shouldn't go with that provider.

Cloud services should be tailor-made by the provider, who should implement all security requirements requested by the client. All data transmissions to and from the cloud should be encrypted. Service providers should invest in higher multi-tenancy to maximize cloud resources and cloud security utilization.

You also want to ensure that there's a disaster recovery plan for stored data as this minimizes data loss if an unexpected event occurs. The cloud service should be fast and reliable. Load balancing should be implemented to make it easier for networks and resources to obtain a quick response time with maximum throughput. And ongoing Quality of Service monitoring, or QoS monitoring, is essential to maintain the service-level agreements between the cloud provider and the client.

Cloud Security Controls 01:33-02:05 When it comes to cloud security, there are four security control categories that I'll focus on. Deterrent controls decrease attacks on the cloud system. Preventive controls diminish vulnerabilities so the system can handle attacks and accidents. Detective controls identify incidents and act as needed, and corrective controls lessen an incident's aftermath by limiting its damage.

Now, let's look at each layer of the cloud model and the security controls we can implement at each one.

Cloud Security Control Layers 02:05-04:37 The first is the Application layer. To harden this layer, you need to implement industry-standard policies, such as OWASP, for web apps. Security controls here include the software development life cycle, binary analysis, scanners, and web app firewalls.

Next, comes the Information layer. To protect information from being modified or stolen, we should implement an Information Security Management Program, or ISMP. This contains all information on physical safeguards, technical defenses, and administrative defenses. Some of the Information layer security controls include data loss prevention, content monitoring and filtering, encryption, and database activity monitoring.

The Management layer is next. It involves all cloud security administrative tasks to promote continued and effective services. Good management controls include governance risk compliance, identity and access management, and patch management. After the Management layer comes the Network layer, where you implement policies to prevent attackers from stealing or modifying data. Some of these controls are network intrusion systems, deep packet inspection, firewalls, Quality of Service, anti-DDoS, and DNS security.

Next comes the Trusted Computing layer. This involves a secure computational environment that implements internal controls, auditability, and maintenance so that the cloud is always available. Some good security controls for Trusted Computing are hardware and software Roots of Trust, or RoTs, and APIs.

Then we have the Computation and Storage layer. Basically, the cloud provider must have policies in place to protect the data they store. These policies could include backups, space availability, and continuity of services. Some of the controls here include host-based firewalls and intrusion systems, file management, and log management.

The last layer is the Physical layer, which has to do with security measures for the data centers, physical resources, and cloud infrastructure. These security measures include fences, walls, barriers, security guards, gates, camera surveillance, and physical authentication mechanisms.

By implementing proper security controls at each layer of the cloud model, providers help ensure that they're keeping their clients' data safe.

Cloud Security Tools 04:37-05:12 As security specialists, we should really take a proactive stance on our defenses and implement threat hunting. Far too often, network defenders are reactive rather than proactive. We set up our automated defenses and hope they catch any malicious activity. Unfortunately, these automated systems don't catch everything.

Threat hunting simply means that you're proactive, and you methodically monitor your networks to detect suspicious activity. Using the proper tools to do this is vital. One popular tool is called Scout Suite.

Scout Suite 05:12-05:33 Scout Suite is an open-source security auditing tool that's designed to give a point-in-time, security-oriented view of the cloud account it's run in. Scout Suite works with many different cloud providers. These include Microsoft Azure, Google Cloud Platform, and Amazon Web Services, or AWS.

Prowler 05:33-06:02 Another great tool is Prowler. Prowler works with AWS for security hardening, auditing, and forensics readiness. This tool is designed to follow AWS security best practices guidelines. Prowler also has additional checks that can be performed for HIPAA, GDPR, PCI-DSS, and other common compliance regulations. All of these are national and international regulations you need to follow carefully to avoid legal trouble.

Pacu 06:02-06:38 Another tool you can use with AWS is Pacu. Pacu was designed to be used for offensive security penetration testers. Penetration tests help you discover the same vulnerabilities in your cloud platform that hackers might find. If you discover these before the hackers do, you can take appropriate steps to remedy them.

Using the appropriate tool for your cloud system helps you find any potential issues and take care of them before any serious breaches can occur. As a security specialist, you need to know which tools you have at your disposal and how to best utilize them.

Summary 06:38-07:08 That's it for this lesson. In this lesson, we first looked at some of the cloud security considerations we need to be mindful of, including the different security control categories. Then we looked at each cloud model layer and the security controls that should be present on each one. And finally, we covered three common security assessment tools that we can use on our cloud environments to find us potential issues and ensure compliance.

6.7.2 Cloud Security Facts

Keeping data and processes safe on the cloud is a primary responsibility for security administrators. Cloud service providers and clients should work together to design, create, publish, and operate cloud-based systems.

This lesson covers the following topics:

Cloud security considerations
Cloud security control layers
Cloud security tools

Cloud Security Considerations

A cloud services provider should customize the cloud-based system to meet all security requirements requested by the client. Security considerations for a cloud service include:

Rigorous security for data stored in the cloud.
Security management process integration into the operational process.
Symmetric and asymmetric cryptographic algorithms to optimize data security.
A regularly monitored Quality of Service (QoS) process to verify adherence to the service level agreements between the cloud provider and the client.
A disaster recovery plan for the stored data. This will help minimize information loss if an unexpected event occurs.

Additionally, the cloud service provider should:

Provide a fast, reliable service.
Respond to new requests quickly.
Add load balancing to the cloud services to ensure maximum throughput.
Invest in higher multitenancy architectures to maximize utilization of cloud resources and to better ensure data and application security.

To maintain an efficient security architecture throughout the entire cloud infrastructure, the cloud service provider must be familiar with and implement the necessary security controls. The following table describes the types of security controls.

Type	Description
Deterrent	Deterrent controls make the system more difficult to attack and, therefore, decrease attacks.
Preventive	Preventive controls harden the system against attacks, as well as recognize and stop attacks.
Detective	Detective controls identify and take action as needed when incidents happen.
Corrective	Corrective controls lessen the aftermath of an incident by limiting the damage.

The National Institute of Standards and Technology (NIST) provides technical requirements and best practices for federal agencies implementing digital identity services. These NIST guidelines provide a strong framework for protecting data. These guidelines include:

Evaluate risks involving the client’s data, software, and infrastructure.
Choose the appropriate deployment model according to the client’s needs.
Implement audit procedures for data protection and software isolation.
Renew service level agreements (SLAs) to cover security gaps between the client’s security requirements and the provider's security implementations.
Implement incident detection and reporting mechanisms.
Know and understand the security objectives of the organization.
Establish responsibility for data privacy and security issues in the cloud.

Cloud Security Control Layers

Cloud security control layers help establish barriers between cloud services and attackers.

Layer	Description
Application layer	Security at the application layer involves implementing policies that comply with industry standards such as OWASP. Examples of application layer controls include: Software development life cycle (SDLC) Binary analysis Scanners Firewalls
Information layer	To protect information from being deleted, modified, or stolen, implement an information security management program (ISMP) that identifies and details: Physical safeguards Technical and administrative defenses Information controls include: Data loss prevention (DLP) Capability Maturity Framework (CMF) Cryptography Database activity monitoring
Management layer	The management layer involves all administrative tasks to promote continued, uninterrupted, and effective services. Good management controls include: Governance, Risk, and Compliance (GRC) Identity and access management (IAM) Variability-aware virtual memory management (VaVM) Patch management.
Network layer	The network layer implements policies and measures to prevent attackers from activities such as stealing, modifying, viewing, and redirecting data. Some network controls are: Network intrusion detection systems/network intrusion protection systems (NIDS/NIPS) Deep packet inspection (DPI) Firewalls QoS Anti-distributed denial of service (anti-DDoS) OAuth Domain Name System Security Extensions (DNSSEC)
Trusted computing	Trusted computing helps to ensure cloud availability. It involves creating an environment that provides: Internal control Auditability Maintenance Security controls for trusted computing include hardware and software such as: Roots of Trust (RoT) Application Programming Interfaces (APIs)
Computation and storage	The cloud provider must have policies and procedures in place to protect data in storage. These policies and procedures could include: Backups Dpace availability Continuity of services Controls include: Host-based firewall Host intrusion detection systems/host intrusion prevention systems (HIDS/HIPS) Encryption File/log management
Physical layer	Physical layer security measures focus on data centers, physical resources, and cloud infrastructure. These security measures include: Physical plant security Fences, walls, barriers, and gates Security guards Camera surveillance Physical authentication mechanisms.

Cloud Security Tools

To better defend cloud services, security analysts must take a proactive stance on defense and implement threat hunting. Threat hunting is the proactive and methodical monitoring and scanning of a network, including cloud services, to detect any malicious or suspicious activity.

Using the proper tools to scan and monitor the networks is vital. There are many tools specifically designed to test cloud security. The following table describes some popular ones.

Tool	Description
Scout Suite	Scout Suite is an open-source security auditing tool designed to give a point-in-time security-oriented view of the cloud account it runs in. Scout Suite works with many different cloud providers, including: Amazon Web Services (AWS) Microsoft Azure Google Cloud Platform
Prowler	Prowler works with AWS for security hardening, auditing, and forensics readiness. This tool is designed to follow the guidelines of the AWS security best practices. Prowler also has checks that can be performed for: HIPAA GDPR PCI-DSS
Pacu	Pacu was designed to be used by offensive security penetration testers. Penetration tests help security analysts discover the same vulnerabilities that exist in the cloud platform that hackers might find.

6.7.3 Use ScoutSuite to Analyze a Cloud Infrastructure

Click one of the buttons to take you to that part of the video.

Use Scout Suite 00:00-01:10 Scout Suite is an open-source, multi-cloud security auditing tool. It's designed to assess cloud environments and provide a report of its findings. It audits the services offered by cloud providers, such as Azure Active Directory and Security Center as well as network configurations, databases, and virtual machines.

Scout Suite is written in Python. The installation and configuration is relatively simple, but it does require a shell. In today's demonstration, I'll be using it in a Bash shell on Ubuntu, where it's already been downloaded and configured to work with Microsoft Azure. This includes having logged into the Azure CLI from my local machine using the 'az login' command in Bash.

Scout Suite is designed to query hosts and networks for information about their security. As such, running it against a production environment without prior disclosure to the environment owner isn't advised. Obtain authorization before proceeding with a Scout Suite audit.

Our Azure environment is quite simple, with only one network and two virtual machines running on it. We'll get a report that reflects this simplicity.

Run a Scout Suite Audit on Azure 01:10-01:53 As noted before, I need a shell to perform the audit. As part of the setup of Scout Suite, I've configured a virtual environment that allows for my Scout Suite specific settings to not interfere with other tasks performed on this machine. I need to enter the virtual environment before continuing. I do this with the 'source' command. Once in the virtual environment, I'm ready to perform my audit. I execute the 'scout azure --cli' command to start the process and then wait for it to finish. A browser will be launched automatically to display the results. As I've already run Scout Suite against this Azure environment once before, it'll finish quickly. It takes more time for the initial audit.

Review Scout Suite Audit Results 01:53-03:18 Inside the browser, we see a local HTML file has been loaded. It has a label showing which cloud provider the results are for and a table with the queried resources. There are icons indicating the results for the different services to the left and a summary breakdown of each service's findings to the right. Each service can be clicked on for a more detailed view. I'll click on Azure Active Directory, which had two checks run against it. There were no findings that were of any note, so nothing is listed.

Let's look at one of the services with something in the Findings column and a yellow warning icon, such as Network. If we click on it, we see that Inbound SSH Access is enabled. If we expand that finding by clicking the plus sign to the right, we see a warning about allowing access to a network security group. We'd likely need to change that while securing this environment.

Back on the results page, if we look at the Virtual Machines service, we see that it has two findings and a warning icon. Clicking on that link, we see that disk encryption hasn't been enabled for at least one virtual machine. If we expand that by clicking on the plus sign, we see a summary of why that's a risk and references of where to learn about setting up disk encryption on virtual machines. If I click on the label for the warning, I'm presented with information about which disks aren't encrypted, the virtual machines OS, and other useful information.

Summary 03:18-03:41 That's all for this demonstration. We've only covered a small portion of what can be reported by a Scout Suite audit. More complex environments can have much larger data sets to review and can take much longer to complete. With time and experience you can become proficient at auditing cloud environment security with Scout Suite.

6.7.5 Data Exfiltration

Click one of the buttons to take you to that part of the video.

Data Exfiltration 00:00-00:31 In this lesson, we're going to discuss data exfiltration. Data exfiltration is the unauthorized transfer of sensitive or confidential information from a computer or network to an external destination. This can be carried out by malicious individuals, such as cybercriminals and hackers, or even by trusted insiders with nefarious intentions. Data exfiltration is a significant risk for organizations as it can result in the loss of critical business information, financial losses, and severe reputational damage.

Data Exfiltration Methods 00:31-02:15 Data exfiltration occurs through several methods. Email-based data exfiltration can happen when a malicious actor sends sensitive information as an attachment or within the body of an email to an external recipient. A cybercriminal could also compromise an employee's email account and use it to forward sensitive data from within an organization to an external destination. Email phishing campaigns can trick users into providing sensitive information or credentials, which can then be used to access and exfiltrate data.

File transfer protocols, such as FTP and SFTP, can be exploited for data exfiltration. Unauthorized individuals can gain access to sensitive files on a network and transfer them to an external server. Attackers may also set up rogue FTP servers within an organization's network to facilitate unauthorized data transfer. Additionally, cybercriminals can compromise legitimate file transfer protocol accounts for exfiltrating data without raising suspicion.

Social media platforms can be used for data exfiltration. This can be done by exploiting social media messaging features, where attackers send sensitive information to external accounts.

Additionally, cybercriminals can create fake profiles to establish connections with employees, tricking them into divulging sensitive data or granting access to internal systems.

Malicious browser extensions or social media applications can steal user data and transfer it to the attacker's server.

Physical theft can also be used for data exfiltration. This can involve stealing physical devices, such as laptops, smartphones, or external storage drives, that contain sensitive data. Cybercriminals can extract confidential information from the hardware by gaining unauthorized access to these devices. Physical theft can also enable attackers to access an organization's network through the stolen device, further facilitating the exfiltration of sensitive data.

Data Exfiltration Prevention 02:15-03:05 Organizations should implement security controls such as access controls, data encryption, network segmentation, and monitoring for suspicious activity to mitigate data exfiltration risks. Regular employee training and awareness programs can also reduce the risk of unintentional data exfiltration. More advanced security solutions can also help to prevent data exfiltration.

DLP software can identify and block the transfer of sensitive information by monitoring data in motion, at rest, and in use. IDS solutions can detect and alert security teams about suspicious network activity, such as unauthorized file transfers or excessive data uploads. Behavior analytics tools can help organizations identify unusual user behavior patterns, such as abnormal login attempts or data access, which may indicate data exfiltration attempts.

Summary 03:05-03:19 That's it for this lesson. In this lesson, we discussed data exfiltration. We discussed various methods that are used for data exfiltration. We also discussed some methods that can be used to help prevent data exfiltration.

6.7.6 Data Exfiltration Facts

This lesson covers the following topics:

Data exfiltration methods
Data exfiltration prevention
Additional considerations

Data exfiltration describes the unauthorized transfer of sensitive or confidential information from a computer or network to an external destination. This can be carried out by malicious individuals, such as cybercriminals and hackers, or even by trusted insiders with nefarious intentions. It is a significant risk for organizations as it can result in the loss of critical business information, financial losses, and severe reputational damage.

Data Exfiltration Facts

Data exfiltration occurs through several methods:

Method	Description
Email	Email-based data exfiltration can occur when a malicious actor sends sensitive information as an attachment or within the body of an email to an external recipient. Additionally, cybercriminals can compromise an employee's email account and use it to forward sensitive data from within an organization to an external destination. Lastly, email phishing campaigns can trick users into providing sensitive information or credentials, which can then be used to access and exfiltrate data.
File transfer protocol	File transfer protocols, such as FTP and SFTP, can be exploited for data exfiltration by unauthorized individuals who gain access to sensitive files on a network and transfer them to an external server. Attackers may also set up rogue FTP servers within an organization's network to facilitate unauthorized data transfer. Additionally, cybercriminals can compromise legitimate file transfer protocol accounts to covertly exfiltrate data without raising suspicion.
Social media	Social media platforms can be used for data exfiltration by exploiting their messaging features, where attackers send sensitive information to external accounts. Additionally, cybercriminals can create fake profiles to establish connections with employees, tricking them into divulging sensitive data or granting access to internal systems. Furthermore, malicious browser extensions or social media applications can steal user data and transfer it to the attacker's server.
Physical theft	Physical theft refers to stealing physical devices, such as laptops, smartphones, or external storage drives, that contain sensitive data. Cybercriminals can extract confidential information from the hardware by gaining unauthorized access to these devices. Additionally, physical theft can enable attackers to access an organization's network through the stolen device, further facilitating the exfiltration of sensitive data.

Additional Considerations

Some additional considerations for data exfiltration include the following:

HTTP (or HTTPS) transfers to file-sharing sites or suspicious domains. OneDrive, Dropbox, or Google Drive can be used to receive exfiltrated data. Blocking employees’ access to the sites makes detecting malicious use easier.
HTTP requests to database-backed services. An adversary may use SQL injection or similar techniques to copy records from a database they should not have access. Web Application Firewalls (WAF) can detect injection attacks. Other indicators of injection-style attacks are spikes in requests to PHP files or scripts and huge HTTP response packets.
Communication using FTP, IM, P2P, and email is common and might involve consumer services such as Outlook.com, Gmail, and others.

Data Exfiltration Prevention

Organizations should implement security controls such as access controls, data encryption, network segmentation, and monitoring for suspicious activity to mitigate data exfiltration risks. Regular employee training and awareness programs can also reduce the risk of unintentional data exfiltration.

Organizations can also employ advanced security solutions like data loss prevention (DLP) software, intrusion detection systems (IDS), and behavior analytics tools to prevent data exfiltration. DLP software can identify and block the transfer of sensitive information by monitoring data in motion, at rest, and in use. IDS solutions can detect and alert security teams about suspicious network activity, such as unauthorized file transfers or excessive data uploads. Behavior analytics tools can help organizations identify unusual user behavior patterns, such as abnormal login attempts or data access, which may indicate data exfiltration attempts.

6.7.7 Google Hacking for Office Documents

Click one of the buttons to take you to that part of the video.

Google Searching for Office Documents 00:00-00:30 Everyone knows that you can find nearly anything with Google. We could do an entire course on using Google searches, but we're going to narrow our discussion to searching for Office documents on Google.

Some information you'll find on the web is intentionally public. But sometimes, document owners don't realize how much they've made available to others. For this reason, we're going to blur some of the results from our search, just to be courteous.

Word Document Search 00:30-01:34 The first search we're doing is for Microsoft Word documents. Up here, in the Search field, I've typed in the word 'site' followed by a colon. From here, you could put in your target, such as CorpNet.xyz. But in our example, we're going to just put in '.edu'. We're not really targeting a particular site or domain. Next, we'll specify the file type, once again followed by a colon. Then we need the actual file extension. In this case, it's 'docx'.

The search results are listed below. Since we did such a broad search, you can see that we have over 800,000 results. We're not going to dive into these. But be aware that all of these results are Word documents with the docx file extensions. If we dropped the X from the extension, we would probably get an equal amount of results.

Now, if you think about this for a minute, you can imagine all the different information that might be in some of these documents: resumes, job applications, and all sorts of confidential information. Many of the document owners, are unaware that it's even possible for an outside user to see this information.

Excel Document Search 01:34-02:13 Let's look at our next tab. Excel files and other spreadsheets are pretty interesting. Many people use Excel to store data, everything from addresses, phone numbers, and emails addresses to usernames and passwords. Also, think about this: how many technology workers keep information about their networks in a spreadsheet?

The search format is the same as for Word documents, except that you use 'xlsx' instead of docx. If we come down to this one, right here, this spreadsheet is a timesheet for a department for this college. It likely contains information that they probably don't intend to share on the internet. Someone doing reconnaissance on this college could use this information to gather the names of the employees in that department.

Access Database Search 02:13-02:35 My next search was for Access databases. Once again, we're following the same search format. But this time, we're looking for Access databases, which is mdb. So, for many, if Excel doesn't do what they want for storing data, they might create a database with Access. We didn't get a lot of results from this search. But as I looked down this list, I see some very interesting databases, so that's okay.

PowerPoint Search 02:35-03:04 Next, we have PowerPoint files. When presenting to a large crowd, many people use presentation software such as PowerPoint with the pptx format. A search for the PowerPoint file format gives us over three hundred thousand results. A few interesting results with this search include presentations about company benefits, retirements, and other human resource information. There was also a presentation for their information technology disaster recovery plan. That might be something you don't want to share with everyone.

PDF Search 03:04-03:18 The last thing we'll look for is searching for PDF files. You can see that there are over 180 million PDF files in this search. You can find all sorts of information stored in PDF format, like detailed employee lists, organization charts, and resumes.

Other Searches 03:18-03:46 We didn't actually download or open any of these files in this demo; that wasn't the intent. We wanted to just make you aware of the power of advanced searches with Google and other search engines. You might say, "I would never share anything on a web server." Okay. That might be true. Have you ever stored anything on Google Drive, Dropbox, or other cloud providers? How about uploading a file such as a resume and cover letter? How are these sites handling the documents? Is it with a Wordpress plugin developed by a high school student?

Google Hacking Database 03:46-04:01 One last thing to be aware of is the Google Hacking Database. In this database, you'll find the search syntax to search for files containing just about everything and anything. Just when you don't think there is possibly another way to use Google to find something, this site proves us wrong.

Summary 04:01-04:19 That's it for this demo. In this demo, we did some advanced searches with Google to find Office documents. We viewed the results of the different file formats for Microsoft Office documents and PDF documents. We ended the demo by looking at the Google Hacking Database.