Expanding Neto capabilities: how to develop new analysis plugins
ElevenPaths
29 May, 2018

In previous posts we introduced Neto as a browser extension analyzer. The first version we released, 0.5.x, included a CLI and a JSON-RPC interface and could be used directly from your scripts. In the 0.6.x series we have gained stability and added some interesting features, such as the interactive console, which turns the analyzer into a tool you can interact with. However, we have not yet discussed how we can extend Neto’s functionality to suit our needs.

A system of plugins to gain flexibility

Beyond the research needs we may have at ElevenPaths, other security analysts may also want to carry out tasks that we have not thought about. To make Neto as flexible as possible, we have designed a plugin system that allows you to write your own modules. Remember that we can always install the latest version from PyPI with:

    $ pip3 install neto --user --upgrade

But first, a brief description of how Neto works. Each extension is represented in Python by an object that loads the official analysis methods that we have included in neto/plugins/analysis. Neto will automatically execute the function defined as runAnalysis, which receives two parameters that we can use according to our needs:

extensionFile
    The local path of the compressed extension file.

unzippedFiles
    A dictionary in which each key is the relative path of an unzipped file found in the extension and each value is the absolute path where it has been unzipped on the system. By default, this is a temporary path.

        {
            "manifest.json": "/tmp/extension/manifest.json"
            …
        }

In this way, depending on what we want to do, we can choose one of these options.
For example, if we want to work only with the .png files present in the extension, it is easier to use unzippedFiles, but if we want to analyze the file itself we can use extensionFile. It depends on our needs. What we have to take into account is that a plugin should always return a dictionary in which the key is the name we give to our procedure and the value is the result. This new attribute will then be added to the rest of the elements already obtained.

To define our own analysis modules in these first versions of Neto, it is enough to write a few small Python scripts, stored in its local folder ~/.config/ElevenPaths/Neto/plugins/. These user modules have the same characteristics as the official modules, except that they are loaded on request.

Creating our first plugin for Neto

To make the process easier, we have included a plugin template with each installation in ~/.config/ElevenPaths/Neto/plugins/template.py.sample. It is easy to start developing from this template, and to show it we will write a simple plugin that counts the number of files the extension contains.

    import os


    def runAnalysis(**kwargs):
        """
        Method that runs an analysis

        This method is dynamically loaded by neto.lib.extensions.Extension objects
        to conduct an analysis. The analyst can choose to perform the analysis on
        kwargs["extensionFile"] or on kwargs["unzippedFiles"]. It SHOULD return a
        dictionary with the results of the analysis that will be updated to the
        features property of the Extension.

        Args:
        -----
            kwargs: It currently contains:
                - extensionFile: A string to the local path of the extension.
                - unzippedFiles: A dictionary where the key is the relative path to
                    the file and the value is the absolute path to the unzipped file.
                    {
                        "manifest.json": "/tmp/extension/manifest.json"
                        …
                    }

        Returns:
        --------
            A dictionary where the key is the name given to the analysis and the
            value is the result of the analysis. This result can be of any
            format.
        """
        results = {}

        # Iterate through all the files in the folder
        for f, realPath in kwargs["unzippedFiles"].items():
            if os.path.isfile(realPath):
                # TODO: Your code here for each file
                pass

        return {__name__: results}

Based on the original code, we will use the information stored in kwargs["unzippedFiles"] and reuse the loop we already have to count the elements that are files, incrementing the variable myCounter, which we initialize at the start of the method.

    import os


    def runAnalysis(**kwargs):
        myCounter = 0

        # Iterate through all the files in the folder
        for f, realPath in kwargs["unzippedFiles"].items():
            if os.path.isfile(realPath):
                # Count every entry that is a regular file
                myCounter += 1

        return {"num_files": myCounter}

Now we save the file in the folder in question as, for example, ~/.config/ElevenPaths/Neto/plugins/hello_world.py. All that’s left to do is run Neto against a new extension (for example, with the CLI) and check the output:

    $ neto analyser -e ./my_demo.xpi
    $ cat /home/USER/.config/ElevenPaths/Neto/data/analysis/854…78f.json | grep num_files
    "num_files": 151,

We now have our first plugin for Neto!

Now how can I share my plugins with the rest?

Once you have defined your plugin and tried it in a local instance, we ask you to share it with us so that it can be merged into the main project. Logged in with your username, fork the project on your platform and clone your forked repository to your system. We do it this way to avoid surprises, because pushing content directly to the main GitHub repository will be rejected as unauthorized.

    $ git clone https://github.com/USER/neto
    $ cd neto

Once it is downloaded, copy the file that has already been tested locally into the repository. For example, on a GNU/Linux system you can take the plugin from ~/.config/ElevenPaths/Neto/plugins/hello_world.py and copy it into neto/plugins/analysis.

    $ cp ~/.config/ElevenPaths/Neto/plugins/hello_world.py neto/plugins/analysis

Once the file is copied, simply add it, commit the changes and push them to your repository.

    $ git add neto/plugins/analysis
    $ git commit -m "Add hello_world plugin following the tutorial"
    $ git push origin master

Once you have authenticated with your user, the only thing left is to open the pull request so that we can review it and merge it into the main project. At some point in this review process we will ask you to clarify some things. To maintain a certain homogeneity, we follow the PEP-8 style guidelines wherever possible. In any case, the only general condition is that the returned response is a dictionary in which the key identifies your analysis uniquely and does not conflict with the rest of the implemented methods.

Bear in mind that if your plugin depends on another package that is not included by default in Python 3, it will be necessary to update setup.py so that the corresponding dependencies are satisfied. Even so, you will not be alone in the process. Do you fancy trying it out?

Félix Brezo
Innovation and Laboratory Team ElevenPaths
@febrezo
felix.brezo@11paths.com
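
As an added example (not part of the original post or of Neto's own code), the plugin below uses both parameters described above: it hashes extensionFile and checks that every .png listed in unzippedFiles really starts with the PNG signature. The result key png_signature_check, the helper sha256_of and the sample files in the demo are assumptions made for this illustration.

```python
import hashlib
import json
import os
import tempfile

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"  # fixed 8-byte signature of every PNG file


def sha256_of(path, chunk_size=65536):
    """Hash a file in chunks so large extensions do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def runAnalysis(**kwargs):
    """Hypothetical plugin: hash the package and verify every .png file."""
    results = {"package_sha256": None, "png_checked": 0, "png_mismatches": []}

    # extensionFile: the compressed extension itself, hashed as a whole
    package = kwargs.get("extensionFile")
    if package and os.path.isfile(package):
        results["package_sha256"] = sha256_of(package)

    # unzippedFiles: relative path -> absolute path of each extracted file
    for relPath, realPath in sorted(kwargs.get("unzippedFiles", {}).items()):
        if not relPath.lower().endswith(".png") or not os.path.isfile(realPath):
            continue
        results["png_checked"] += 1
        with open(realPath, "rb") as handle:
            header = handle.read(len(PNG_MAGIC))
        if header != PNG_MAGIC:  # extension says PNG, content says otherwise
            results["png_mismatches"].append({"file": relPath, "sha256": sha256_of(realPath)})

    # One unique key so the result does not collide with other analyses
    return {"png_signature_check": results}


if __name__ == "__main__":
    # Constructed sample: a valid PNG header and a script renamed to .png
    with tempfile.TemporaryDirectory() as tmp:
        paths = {n: os.path.join(tmp, n) for n in ("icon.png", "logo.png")}
        for path, data in zip(paths.values(), (PNG_MAGIC + b"\0" * 8, b"var x = 1;")):
            with open(path, "wb") as handle:
                handle.write(data)
        print(json.dumps(runAnalysis(unzippedFiles=paths), indent=2))
```

Saved in ~/.config/ElevenPaths/Neto/plugins/ like hello_world.py, a mismatch entry points the analyst at a file whose content does not match its image extension.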