Five interesting tools of our own that you may have missed (and a surprise)

Innovation and Laboratory Area in ElevenPaths    6 August, 2019

This time we are revisiting earlier blog entries by gathering some of the tools we have recently developed and consider of interest. We summarize their functionality and welcome suggestions. We recommend reading the whole post, since we have included a new tool that we have not fully announced yet.

PsicoWiFi: An integral anonymity and Wi-Fi management suite on Windows

When you connect to a Wi-Fi network you give a lot of information to third parties, ranging from your MAC address to the hidden or public networks you have previously accessed. For this reason, we have developed a tool that makes the most of the Windows features that allow anonymity and lets you control your Wi-Fi networks at all times: from when you are connected to what passwords they have; from generating random MACs to controlling hidden SSIDs. PsicoWiFi lets you comfortably enhance privacy and Wi-Fi connection control from a single, centralized, easy-to-use tool.

You can download it from here.

PESTO: Are your binaries secure when facing vulnerabilities?

One of the fundamental dangers in IT security is vulnerabilities in general, and the ability to exploit them to execute code in particular. Historically, many technologies have been developed to make exploits harder to run on Windows, creating barriers that prevent a buffer overflow vulnerability from ending up in code execution. Many of these barriers require the binary to be protected (or the binary that must not help the exploit) to be compiled with a particular option that enables the actual protection. PESTO (PE (files) Statistical Tool) has been created to analyze how, and how many, files are protected on the operating system.

You can download it from here.
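As an added illustration (not PESTO's own code), the sketch below reads the `DllCharacteristics` field of a PE header, where several compile-time and link-time mitigations are recorded, and counts how many images enable each one. The flag selection, the function names and the header-only sample images are assumptions of this example.

```python
import struct

# DllCharacteristics bits defined by the PE/COFF specification.
MITIGATIONS = {
    "HIGH_ENTROPY_VA": 0x0020,      # 64-bit ASLR
    "DYNAMIC_BASE (ASLR)": 0x0040,
    "FORCE_INTEGRITY": 0x0080,
    "NX_COMPAT (DEP)": 0x0100,
    "NO_SEH": 0x0400,
    "GUARD_CF (CFG)": 0x4000,
}

def pe_mitigations(data: bytes) -> dict:
    """Return {mitigation: enabled?} from a PE image's optional header."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)        # e_lfanew
    opt_off = pe_off + 24            # 4-byte signature + 20-byte COFF header
    if data[pe_off:pe_off + 4] != b"PE\0\0" or len(data) < opt_off + 72:
        raise ValueError("PE signature missing or header truncated")
    (opt_size,) = struct.unpack_from("<H", data, pe_off + 20)
    (magic,) = struct.unpack_from("<H", data, opt_off)
    if opt_size < 72 or magic not in (0x10B, 0x20B):        # PE32 / PE32+
        raise ValueError("unsupported optional header")
    # DllCharacteristics is at offset 70 in both PE32 and PE32+.
    (flags,) = struct.unpack_from("<H", data, opt_off + 70)
    return {name: bool(flags & bit) for name, bit in MITIGATIONS.items()}

def survey(images: dict) -> dict:
    """Count, per mitigation, how many of the given images enable it."""
    totals = dict.fromkeys(MITIGATIONS, 0)
    for data in images.values():
        for name, enabled in pe_mitigations(data).items():
            totals[name] += int(enabled)
    return totals

def build_sample_pe(flags: int, pe32_plus: bool = True) -> bytes:
    """Constructed header-only PE image (not loadable), used as sample input."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    opt = bytearray(112 if pe32_plus else 96)
    struct.pack_into("<H", opt, 0, 0x20B if pe32_plus else 0x10B)
    struct.pack_into("<H", opt, 70, flags)
    coff = struct.pack("<HHIIIHH", 0x8664 if pe32_plus else 0x14C, 0, 0, 0, 0, len(opt), 0x22)
    return dos + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":
    samples = {"hardened.exe": build_sample_pe(0x4160),
               "legacy.dll": build_sample_pe(0x0000, pe32_plus=False)}
    print(survey(samples))
```

To survey real files, pass `open(path, "rb").read()` for each binary instead of the constructed samples.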

Pin Patrol: Controlling HSTS connections from your browser

It is a Firefox and Chrome extension that shows, in readable form, the HSTS (HTTP Strict Transport Security) and HPKP (HTTP Public Key Pins) state of the domains stored by the browser. Neither Firefox nor Chrome has a native way to view it, and they provide little documentation on this information.

Pin Patrol arose from research that took us to Black Hat and Rooted, and led us to create cloudpinning.com for testing. Even Facebook used it as an excuse to implement a kind of inverse HSTS.

You can download it here for Firefox and here for Chrome.

NETO: the most complete suite to analyze browser plug-ins and extensions

At ElevenPaths’ Innovation and Labs we have created a new tool to analyze browser extensions. It is a complete suite (also extensible with its own plug-ins) for analyzing extensions; it is easy to use and provides useful information on the features of extensions for Firefox, Chrome and Opera.

Extensions contain relevant information such as the version, the default language, the permissions required for them to work correctly, or the URL patterns on which the extension will operate. They also contain pointers to other files, such as the relative path of the HTML file that is loaded when its icon is clicked, or references to JavaScript files that are run either in the background (background scripts) or with each page loaded by the browser (content scripts).

However, analyzing the files that make up an extension can also reveal files which should not be in production applications. Among them may be files linked to version control systems such as Git, or other temporary and backup files. Of course, there are also extensions created as malware, adware, or to spy on users.

All the instructions for using it, and for writing plug-ins for NETO itself if you feel encouraged to, are available here.
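The checks described above can be sketched as follows. This is an added example, not NETO's code or API: it assumes the extension is available as a plain ZIP archive (as an .xpi is) with Manifest V2 style keys, and the leftover-file patterns, function names and sample archive are constructed for the illustration.

```python
import io
import json
import re
import zipfile

# Example patterns for files that should not ship: VCS metadata, backups, temp files.
LEFTOVERS = re.compile(r"(^|/)\.(git|svn|hg)(/|$)|(~|\.bak|\.swp|\.orig|\.tmp)$")

def audit_extension(package: bytes) -> dict:
    """Summarise manifest.json and flag leftover or missing files in an archive."""
    with zipfile.ZipFile(io.BytesIO(package)) as archive:
        names = archive.namelist()
        manifest = json.loads(archive.read("manifest.json"))
    content = manifest.get("content_scripts", [])
    action = manifest.get("browser_action") or manifest.get("action") or {}
    popup = action.get("default_popup")
    background = manifest.get("background", {}).get("scripts", [])
    injected = sorted({js for entry in content for js in entry.get("js", [])})
    referenced = set(background) | set(injected) | ({popup} if popup else set())
    return {
        "version": manifest.get("version"),
        "default_locale": manifest.get("default_locale"),
        "permissions": sorted(manifest.get("permissions", [])),
        "url_patterns": sorted({m for e in content for m in e.get("matches", [])}),
        "popup": popup,
        "background_scripts": background,
        "content_scripts": injected,
        "missing_files": sorted(referenced - set(names)),
        "leftovers": sorted(n for n in names if LEFTOVERS.search(n)),
    }

def build_sample_extension() -> bytes:
    """Constructed sample archive: a manifest plus files that should not ship."""
    manifest = {
        "manifest_version": 2, "name": "Sample", "version": "1.2.0",
        "default_locale": "en", "permissions": ["tabs", "<all_urls>", "cookies"],
        "background": {"scripts": ["bg.js"]},
        "content_scripts": [{"matches": ["*://*.example.com/*"], "js": ["inject.js"]}],
        "browser_action": {"default_popup": "popup.html"},
    }
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        archive.writestr("manifest.json", json.dumps(manifest))
        for name in ("bg.js", "popup.html", ".git/config", "bg.js.bak", "notes.txt~"):
            archive.writestr(name, "")
    return buffer.getvalue()

if __name__ == "__main__":
    print(json.dumps(audit_extension(build_sample_extension()), indent=2))
```

On the sample archive the report lists the version control, backup and temporary files under `leftovers`, and `inject.js` under `missing_files` because the manifest references it but the archive does not contain it.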

CCW: Monitor your clipboard to prevent thefts in bank transfers

Since 2017, the crypto clipboard hijacking technique has become quite popular. Cryptocurrency in general constitutes a new target for malware, and mining Bitcoin is no longer profitable on “standard” computers (maybe Monero is). However, targeting the clipboard to steal cryptocurrencies is a new, simple and interesting formula that malware creators are exploiting. Examples such as Cryptoshuffle, Evrial or N40 BotNet show this.

For all these reasons we have created a simple tool that monitors your clipboard in order to warn you if the cryptocurrency destination address is changed.

CCW is really simple. Install it from here and it will let you know if your clipboard is switched.

The next version, to be released soon, will protect bank account numbers as well.
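One way to express the check a clipboard monitor of this kind performs, as an added example rather than CCW's actual logic: flag the moment an address-shaped clipboard value is replaced by a different address of the same family within a short time. The address patterns (shape only, no checksum validation), the two-second window and the sample clipboard history are assumptions of this sketch.

```python
import re

# Address *shapes* only (no checksum validation); the set of coins is an example choice.
ADDRESS_SHAPES = {
    "btc-base58": re.compile(r"[13][1-9A-HJ-NP-Za-km-z]{25,34}"),
    "btc-bech32": re.compile(r"bc1[02-9ac-hj-np-z]{11,71}"),
    "eth": re.compile(r"0x[0-9a-fA-F]{40}"),
}

def address_kind(text: str):
    """Return the address family the clipboard text looks like, or None."""
    candidate = text.strip()
    for kind, shape in ADDRESS_SHAPES.items():
        if shape.fullmatch(candidate):
            return kind
    return None

def find_swaps(events, window: float = 2.0):
    """Return alerts for address-to-address replacements within `window` seconds.

    events: (timestamp_seconds, clipboard_text) tuples in time order.
    """
    alerts = []
    previous = None                  # (timestamp, kind, address) of the last address seen
    for stamp, text in events:
        kind = address_kind(text)
        if kind is None:
            previous = None          # clipboard no longer holds an address
            continue
        address = text.strip()
        if (previous and previous[1] == kind and previous[2] != address
                and stamp - previous[0] <= window):
            alerts.append({"at": stamp, "kind": kind,
                           "copied": previous[2], "now": address})
        previous = (stamp, kind, address)
    return alerts

# Constructed clipboard history (seconds; addresses are shape-valid placeholders).
SAMPLE_EVENTS = [
    (10.0, "meeting at 15:00"),
    (42.0, "0x" + "ab" * 20),        # user copies a destination address
    (42.3, "0x" + "cd" * 20),        # replaced 0.3 s later: flagged
    (90.0, "1" + "A" * 30),
    (300.0, "1" + "B" * 30),         # different address minutes later: normal use
]

if __name__ == "__main__":
    for alert in find_swaps(SAMPLE_EVENTS):
        print("clipboard address changed:", alert)
```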

DIARIO: Analyze your documents without sharing them

And now the surprise: our malware detection system and privacy protector, which has so far only been announced at Rooted 2019 and at our Innovation Day.

DIARIO can be used in several ways:

  • A system to analyze malware in documents. You only have to visit https://diario.e-paths.com and drag your file there. Keep calm: we will deliver the results without sharing your file with anyone or anything, and wholly independently of antivirus technologies, so you get an additional opinion.
  • If you do not trust it, that’s OK. Use our API, with which you can create your own client, verify that the file is not sent to the server, automate the process, etc.
  • We only keep what we need from the file (for instance, document macros and PDF JavaScript), so we have a solid database for analysts. Do you want to try this functionality? Write to us at labs@11paths.com.
