I love documentation—and I recommend documenting a lot. It creates memory, clarity, and resilience. But attackers love it too. Over time, spaces like Confluence and SharePoint collect shortcuts, “temporary” exceptions, and helpful screenshots. Alone they look harmless. Together, they can map how to step around controls.
👀 What attackers actually use
- Notes that describe how to “temporarily” bypass checks
- Mentions of shared or test accounts used “for convenience”
- Hints about remote access, allow-lists, or quick openings “for support”
- Screenshots that reveal settings, approval flows, or who to ask
- Exported lists of users, systems, or internal locations
- Attachments with no owner, no classification, and no review date
- Links set to “anyone with the link,” often without an expiry
- Scripts, runbooks, and “how-to” guides that include sensitive internal details
🧩 Why this keeps happening
- Helpful people share broadly so others aren’t blocked
- “Just for now” files never get cleaned up
- MFA is not enforced
- Shared users survive because they’re easy
🔐 Simple habits that help (zero trust)
- Put things where they belong: secrets in a password vault, code in source control, configs in the right system—not in the wiki
- Use SSO and MFA for Confluence and similar tools; limit or disable local passwords where the platform supports it (especially for admins)
- Grant access to named groups, not “anyone with the link,” and give links an expiry
- Require an owner, purpose, and review date for sensitive pages and attachments
- Avoid screenshots of sensitive settings; document outcomes instead
- Review sharing regularly and close what’s no longer needed
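As an added example (not from the post), here is a small hygiene audit that applies the habits above to page and attachment metadata: missing owner, classification or review date, overdue reviews, “anyone with the link” sharing without an expiry, and body text that hints at “temporary” bypasses or convenience accounts. The `WikiItem` schema and the sample pages are assumptions, constructed for the demo.

```python
import re
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional


@dataclass
class WikiItem:
    """Hypothetical export record for one wiki page or attachment."""
    title: str
    body: str
    owner: Optional[str]
    classification: Optional[str]
    review_date: Optional[date]
    share_mode: str                      # "named_group" or "anyone_with_link"
    link_expiry: Optional[date] = None   # only meaningful for anyone_with_link


# Phrases from the "what attackers actually use" list, as loose patterns.
RISKY_PHRASES = {
    "temporary bypass": re.compile(r"\btemporar(y|ily)\b.*\b(bypass|disable|skip)\b", re.I),
    "shared/test account": re.compile(r"\b(shared|test)\s+account\b", re.I),
    "convenience exception": re.compile(r"\bfor (convenience|support)\b", re.I),
}


def hygiene_findings(item: WikiItem, today: date) -> List[str]:
    """Return the hygiene problems found on a single page or attachment."""
    findings: List[str] = []
    if not item.owner:
        findings.append("no owner")
    if not item.classification:
        findings.append("no classification")
    if item.review_date is None:
        findings.append("no review date")
    elif item.review_date < today:
        findings.append("review overdue")
    if item.share_mode == "anyone_with_link":
        if item.link_expiry is None:
            findings.append("anyone-with-link without expiry")
        elif item.link_expiry < today:
            findings.append("anyone-with-link past expiry, still shared")
    for label, pattern in RISKY_PHRASES.items():
        if pattern.search(item.body):
            findings.append(f"content hint: {label}")
    return findings


def audit(items: List[WikiItem], today: date) -> Dict[str, List[str]]:
    """Map each item title to its findings; clean items are omitted."""
    report: Dict[str, List[str]] = {}
    for item in items:
        findings = hygiene_findings(item, today)
        if findings:
            report[item.title] = findings
    return report


# Constructed sample inventory (not real pages).
SAMPLE = [
    WikiItem("VPN onboarding", "Grant access via the named group; ticket required.",
             "netops", "internal", date(2026, 1, 15), "named_group"),
    WikiItem("Support quick fix", "Temporarily disable the proxy check for support.",
             None, None, None, "anyone_with_link"),
    WikiItem("Old user export", "Exported list of users and hostnames.",
             "hr-tools", "confidential", date(2023, 6, 1), "anyone_with_link", date(2023, 7, 1)),
]

if __name__ == "__main__":
    for title, findings in audit(SAMPLE, date(2025, 9, 1)).items():
        print(f"{title}: {', '.join(findings)}")
```

Run against a real export, the report is the review queue: each finding maps to one habit above (assign an owner, set a review date, switch to a named group, move the content to its proper system).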
✅ Bottom line: Wikis should explain how we work—not how to work around controls. Keep them clean, and zero trust becomes a daily habit, not a slogan.