ElevenPaths Cyber Security Weekly Briefing January 16-22 SolarWinds Update New details have been released about the software supply chain compromise unveiled in December. FireEye researchers have published an analysis that puts the focus on the threat actor called...
Antonio Gil Moyano Homeworking: Balancing Corporate Control and Employee Privacy (II) As a continuation of the first article in which we saw both the regulation of homeworking and the security and privacy measures in this modality, in this second issue...
ElevenPaths SASE: The Future of Networks and Security Is Now Here Since Gartner published their report entitled “The Future of Security Networks is in the Cloud” in August 2019, which pointed out the concept of SASE as the key to...
ElevenPaths Trend Report: Hacktivist CyberThreats Report 2019 An analytical report that includes the periodic scanning of the hacktivist threat’s behavior in five observation rings: Europe and the United Kingdom, North America, Latin America, MENA / Asia...
ElevenPaths Cyber Security Weekly Briefing January 16-22 SolarWinds Update New details have been released about the software supply chain compromise unveiled in December. FireEye researchers have published an analysis that puts the focus on the threat actor called...
Gonzalo Álvarez Marañón Plausibly Deniable Encryption or How to Reveal A Key Without Revealing It When the secret police arrested Andrea at the airport checkpoint, she thought it was a mere formality reserved for all foreign citizens. When they searched her luggage and found...
ElevenPaths New tool: PySCTChecker This is a “Quick and dirty” Python script for checking if a domain properly implements Certificate Transparency. If so, it is possible to observe how Certificate Transparency is implemented...
Nikolaos Tsouroulas Looking for a MDR partner? Beware, not all MDRs are the same Are you throwing more money than you can afford into your SOC but still failing to detect and respond quickly enough to incidents? Have you suffered the impact of...
ElevenPaths Cyber Security Weekly Briefing January 16-22 SolarWinds Update New details have been released about the software supply chain compromise unveiled in December. FireEye researchers have published an analysis that puts the focus on the threat actor called...
Antonio Gil Moyano Homeworking: Balancing Corporate Control and Employee Privacy (II) As a continuation of the first article in which we saw both the regulation of homeworking and the security and privacy measures in this modality, in this second issue...
ElevenPaths The Framing Effect: you make your choices depending on how information is presented You have received an alert from cyber intelligence. A terrible and enormous cyberattack is approaching. You must ensure the protection of 600 positions within your organization. You don’t have...
Gonzalo Álvarez Marañón Are You Crypto-Agile to Respond Quickly to Changing Cyberthreats? A business is considered agile if it is able to respond quickly to market changes, adapt to maintain stability. However, without cryptography there is no security and without security...
How to implement Oauth protocol in Powershell (an example with Latch)Florence Broderick 9 April, 2014 Latch already counts with lots of SDKs and plugins, so you can implement it with different languages or use it with your favorite CMS. There is an “unofficial” bash implementation, even. But you may want to experiment with Latch and some Powershell scripting. Since Latch uses some kind of Oauth technique to authenticate, you may use this code to implement any other Oauth protocol with Powershell, with minor changes to this code. Different SDKs and plugins developed so far The best way to deal with this is to create a Powershell module that will export some functions. Creating a module is easy. Just use your editor of choice and write down the functions you need. You will need a Latch account, remember this is just as easy as: Register for free here to get a Latch account in a couple of minutes. Register as a developer. Create your account so you get your Secret and AppId. Download the app for your smartphone: It is available for Android, iOS, Windows Phone and Firefox OS. Coding We will create some funcions so we can interact with the official API. First of all, the constants: Set-Variable API_HOST -option Constant -value "https://latch.elevenpaths.com";Set-Variable API_CHECK_STATUS_URL -option Constant -value "/api/0.6/status";Set-Variable API_PAIR_URL -option Constant -value "/api/0.6/pair";Set-Variable API_UNPAIR_URL -option Constant -value "/api/0.6/unpair"; This will be the code function for the other ones. It will get an URL, the AppId and the Secret. Will return the result (code is simplified): function AuthenticationHeaders{ param( [string] $url, [string] $applicationId, [string] $secretkey ) $requestSignature="GET`n" $date = Get-Date -format u $date = $date.Substring(0,$date.Length-1) $requestSignature+=$date+"`n`n"+$url $sha = new-object System.Security.Cryptography.HMACSHA1 $sha.Key = [Text.Encoding]::ASCII.GetBytes($secretkey) $seedBytes = [Text.Encoding]::ASCII.GetBytes($requestSignature) $digest = $sha.ComputeHash($seedBytes) $base64Encoded = [Convert]::Tobase64String($digest) $wc = New-Object system.net.webclient $wc.Headers.Add("Authorization","11PATHS " + "$($applicationId) $($base64Encoded)") $wc.Headers.Add("X-11Paths-Date", $date) Try { $result = $wc.DownloadString($API_HOST+$url) } Catch { $ErrorMessage = $_.Exception.Message $FailedItem = $_.Exception.ItemName Break } return $result} Now you have the basics, the functionality is easier to achieve. For example, pairing an account would be just this: function Pair{ param( $applicationId, $secretkey, $pairingCode ) $url = "$($API_PAIR_URL)/$($pairingCode)" $result = AuthenticationHeaders $url $applicationId $secretkey return $result} That will just basically call AuthenticationHeaders with the right parameters. To check the status of the account (one of the most important features) just use this, using again the main AuthenticationHeaders function. function Status{ param( $applicationId, $secretkey, $accountID ) $url = "$($API_CHECK_STATUS_URL)/$($accountID)" $result = AuthenticationHeaders $url $applicationId $secretkey return $result} For unpairing: function UnPair{ param( $applicationId, $secretkey, $accountID ) $url = "$($API_UNPAIR_URL)/$($accountID)" $result = AuthenticationHeaders $url $applicationId $secretkey return $result} How to use it There is much more to do and functions to implement, that are left as an exercise to the reader. To use this code, insert a line in the module with the functions you want to export, like: Export-ModuleMember -Function Pair,UnPair,Status Now, you can install this module, (just copying it to %UserProfile%DocumentsWindowsPowerShellModules, for example) and use it like this,. If you named it Latch.ps1, it would be, for example: $l = import-module Latch -ascustomobject$applicationId="bqwRxYXXXXXXX"$secretkey="6O6zi6PDPnLzfVZcXXXXXXXXXXXXXXX"$accountID="543ac56903aee2bc7fa40c88ed274e1XXXXXXXXXXXXXXX"$l.Pair($applicationId,$secretkey,$args[0])$l.Status($applicationId,$secretkey,$accountID)$l.UnPair($applicationId,$secretkey,$accountID) This commands will return a JSON you can parse, just like the specifications in https://latch.elevenpaths.com suggest. An example of using this scripts for pairing, getting the status and unparing For another approach to this problem, the SDK for powershell may be used, that will be available soon. Latch Event Monitor: New tool to integrate Latch with Windows EventsHeartbleed plugin, ready for FaasT
ElevenPaths Cyber Security Weekly Briefing January 16-22 SolarWinds Update New details have been released about the software supply chain compromise unveiled in December. FireEye researchers have published an analysis that puts the focus on the threat actor called...
Antonio Gil Moyano Homeworking: Balancing Corporate Control and Employee Privacy (II) As a continuation of the first article in which we saw both the regulation of homeworking and the security and privacy measures in this modality, in this second issue...
Gonzalo Álvarez Marañón Plausibly Deniable Encryption or How to Reveal A Key Without Revealing It When the secret police arrested Andrea at the airport checkpoint, she thought it was a mere formality reserved for all foreign citizens. When they searched her luggage and found...
ElevenPaths Cyber Security Weekly Briefing January 9-15 Sunburst shows code matches with Russian-associated malware Kaspersky researchers have found that the Sunburst malware used during the SolarWinds supply chain attack is consistent in its characteristics with Kazuar, a...
Sergio De Los Santos The Attack on SolarWinds Reveals Two Nightmares: What Has Been Done Right and What Has Been Done Wrong All cyber security professionals now know at least part of what was originally thought to be “just” an attack on SolarWinds, which has just truned out to be one...
Antonio Gil Moyano Homeworking: Balancing Corporate Control and Employee Privacy (I) At this point in time and looking back on 2020, nobody would have imagined the advance in the digitalisation of organisations and companies due to the irruption of homeworking...