Not really a question, but more of a word of caution. I don't work directly in IT Security, but as part of my job role I take on a lot of this type of work to help protect the data where I work. I found something interesting online during my research (currently working on a Cybersecurity degree!) that I think everyone in this topic should be aware of. There are now services, much like Grabify or IPLogger for shortened URL's, which can log IP addresses when you open a legitimate looking docx or PDF file (even in preview mode I believe!). The website is called CanaryTokens.org which creates a well hidden embedded link within the document that logs whenever the file is opened (on Mac or Windows in Word) and sends the IP address information of the target directly to the email of the person who created the canary.
This is so crazy that newer versions of Microsoft Word still runs these items in the background with the user none the wiser. Additionally, I scanned a sample file with Sophos AV as well as Windows Defender and got zero hits! It didn't trigger when I opened it in LibreOffice on a Linux system, but it triggered right away in Windows. I also found some background research on how to dig into these files to see issues for those interested: https://leonjza.github.io/blog/2015/09/10/canarytokens---the-maybe-not-so-obvious/
So here is my question, if CanaryTokens.org made this happen with a hidden ".jsp" fake image file, can @daniel-lowrie87 turn this into a remote code execution for reverse shell every time someone opens the canary file? Seems like a future "Hands on Hacking" episode!