Analyzing browser extensions with Neto Console

ElevenPaths, 21 May, 2018

Fifteen days ago we published the first version of Neto, our extension analyzer, on GitHub under a free license. Since then we have worked on a series of features that give analysts better interaction with each of the tool's functions and improve its configuration. In this post we will look at some of the changes included in this version, highlighting the interactive interface.

The main new changes to version 0.6

In this second release we have included some features which we consider relevant:

The Neto console. This is the main feature included in this version. It is a small command interface which we invoke with neto console and from which we can run different analysis commands interactively, as we will see further on in this post.

The configuration folder. In this prerelease we have also included a series of configuration files which are generated during installation. On GNU/Linux systems the configuration folder is created in /home//.config/ElevenPaths/Neto; this is where we store the main configuration files and some backups, as well as a reference folder where we can store the analysis results. On Windows systems this folder is created in C:/Users//ElevenPaths/Neto.

Visualisation in the CLI of the characteristics of the analyses carried out. The analyst can check from the command line the main characteristics extracted by the analysis, such as the hash of the extension, the permissions used, the scripts loaded in each tab or in the background, and VirusTotal's rating of the file, without having to explore the JSON manually. The JSON will continue to be generated with the complete data.
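The characteristics listed above (hash, permissions, tab and background scripts) can all be read statically from the extension archive without running it. The following Python is an added example, not Neto's own code or JSON format: it assumes a WebExtension-style ZIP (.xpi) containing a manifest.json, builds a constructed sample archive in memory, and its function names are hypothetical.

```python
import hashlib
import io
import json
import zipfile


def build_sample_extension() -> bytes:
    """Return a constructed sample extension (ZIP archive) held in memory."""
    manifest = {
        "manifest_version": 2,
        "name": "Sample (constructed)",
        "permissions": ["tabs", "cookies", "<all_urls>"],
        "background": {"scripts": ["bg.js"]},
        "content_scripts": [{"matches": ["*://*.example.org/*"], "js": ["inject.js"]}],
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("manifest.json", json.dumps(manifest))
        zf.writestr("bg.js", "// background script\n")
        zf.writestr("inject.js", "// content script\n")
    return buf.getvalue()


def summarise_extension(raw: bytes) -> dict:
    """Statically extract hash, permissions and script entry points."""
    with zipfile.ZipFile(io.BytesIO(raw)) as zf:
        try:
            # utf-8-sig tolerates a byte-order mark at the start of the manifest
            manifest = json.loads(zf.read("manifest.json").decode("utf-8-sig"))
        except KeyError:
            raise ValueError("manifest.json missing: not a WebExtension") from None
        files = set(zf.namelist())
    background = manifest.get("background", {}).get("scripts", [])
    content = {}  # URL match pattern -> scripts injected into matching tabs
    for entry in manifest.get("content_scripts", []):
        for pattern in entry.get("matches", []):
            content.setdefault(pattern, []).extend(entry.get("js", []))
    declared = set(background) | {s for v in content.values() for s in v}
    perms = [p for p in manifest.get("permissions", []) if isinstance(p, str)]
    return {
        "sha256": hashlib.sha256(raw).hexdigest(),  # hash of the whole archive
        "permissions": sorted(perms),
        "background_scripts": background,
        "content_scripts": content,
        "missing_scripts": sorted(declared - files),  # declared but not packaged
    }


if __name__ == "__main__":
    print(json.dumps(summarise_extension(build_sample_extension()), indent=2))
```

Broad entries such as <all_urls> in the permissions list, or scripts declared in the manifest but absent from the archive, are the kind of detail worth a closer look during triage.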
The simplest way of installing the tool is with the pip command:

    pip3 install neto

Those who have already installed the previous version will have to update it by adding the --upgrade option:

    pip3 install neto --upgrade

On GNU/Linux systems the command can be run either as an administrator or with sudo. If we are not administrators and do not have the privileges to install it system-wide, we can use --user to install it only for the current user.

The interactive console

As mentioned above, the main change in this version is the addition of the interactive Neto console. With this command interface we wanted to make some of Neto's features for exploring extensions easier to reach. To launch it from the command line we use neto console, which opens an interactive interface. From there, we can get assistance at any moment with the help command to see which options we have.

So far, we have included 13 different commands with distinct uses, which we list below in alphabetical order. Where possible, we have implemented autocompletion. In any case, if we have doubts about any of their functions, we can use the help command to see the available help and some examples of how to use it:

analyse. The main analysis command. It is followed by the keyword «local» or «remote», depending on whether the extension we are going to analyze is stored locally or we provide a remote URL. If we select the local option, the names of the extensions contained in the working_directory we have defined can be autocompleted.

delete. A command used to delete analyses which have already been carried out. It takes care of deleting the analysis files which have not been useful. We can refer to the analyses with the reserved words ALL or SELECTED, as well as by extension name. It must be used with caution in order to avoid any issues.

deselect. The reverse of the select command. It unmarks an extension as selected if you specify its name literally. You can also use the reserved word «ALL».

details. Shows the most relevant information about an extension, which we can choose using the autocomplete functions. This is the same information we would see after carrying out the analysis from the CLI. If we want the complete details from the JSON we can use full_details.

exit. Closes the console.

full_details. Shows the corresponding JSON for the selected extension.

grep. A literal search command over the analyses already stored. It returns the names of the extensions whose analysis contains the literal text string supplied after the command name. By default, the search is carried out only on the extensions which have been selected. If none have been selected, it is carried out on all of them.

help. The command which shows the help.

list. Lists the analyses which have been carried out. We can also use the reserved words «ALL» and «SELECTED», as well as the wildcard «*» to indicate extensions which start with a given text string (e.g.: list ad*).

select. A command used to select some of the extensions we have seen previously (for example, in order to delete them or to search in them).

set. A command used to modify specific values of the interface options, such as the working directory.

show. We use this command only to show information about the tool, such as its generic data (using show info) or the interface options (using show info).

update. Updates the list of known extensions. This is useful if, while we keep the interface open, another process is running in the background (for example, the CLI launched with neto analyse -e miextension.xpi) and continues adding extensions.
Below we provide a short demonstration video of how the Neto console works, to give you an idea of how to use it.

In the future…

Although Neto's development is still clearly a work in progress, our Innovation Laboratory at ElevenPaths wants to continue enhancing the tool's features. In the next few weeks we will talk about how to develop new analysis plugins to add new characteristics to look for in extensions, and about some cases in which the tool can help to analyze an extension's characteristics at a glance. Meanwhile, so that we can keep improving little by little, you can always let us know of any doubts you may have about how it works, as well as any issues, in the GitHub project. Any feedback will be well received.

Félix Brezo
Innovation and Laboratory Team at ElevenPaths
@febrezo
felix.brezo@11paths.com