Innovation and Laboratory Area in ElevenPaths Google report 17% of Microsoft vulnerabilities. Microsoft and Qihoo, 10% Who finds more vulnerabilities in Microsoft products? What percentage of vulnerabilities are discovered by Microsoft, other companies or vulnerability brokers? How many flaws have unknown discoverers? Over this report we have analyzed...
Innovation and Laboratory Area in ElevenPaths Uncovering APTualizator: the APT that patches Windows By the end of June 2019, we assisted to an incident were a high number of computers had started to reboot abnormally. In parallel, Kaspersky detected a file called swaqp.exe, which apparently...
ElevenPaths New report: Twitter botnets detection in sports event We all know that a botnet is a number of Internet-connected devices, each of which is running one or more bots. Botnets can be used to perform DDoS attacks,...
ElevenPaths Carrier Level Immutable Protection (CLIP): secure and trusted technology to empowering carriers. A year ago, we were signing our partnership agreement with Rivetz, where we set the stage for the creation of a new decentralized model to enhance data security and...
Innovation and Laboratory Area in ElevenPaths Google report 17% of Microsoft vulnerabilities. Microsoft and Qihoo, 10% Who finds more vulnerabilities in Microsoft products? What percentage of vulnerabilities are discovered by Microsoft, other companies or vulnerability brokers? How many flaws have unknown discoverers? Over this report we have analyzed...
Innovation and Laboratory Area in ElevenPaths EasyDoH: our new extension for Firefox that makes DNS over HTTPS simpler A year ago, the IETF has raised to RFC the DNS over HTTPS proposal. This new is more important than it may seem. For two reasons: firstly, it’s a...
ElevenPaths #CyberSecurityPulse: Dude, Where Are My Bitcoins? Numerous types of attacks are affecting cryptocurrency users: families of malware that steal wallets, phishing attacks that try to forge platforms where users manage their bitcoins, applications that use...
ElevenPaths New tool: “Web browsers HSTS entries eraser”, our Metasploit post exploitation module This module deletes the HSTS/HPKP database of the main browsers: Chrome, Firefox, Opera, Safari and wget in Windows, Mac and Linux. This allows an attacker to perform man in...
Innovation and Laboratory Area in ElevenPaths Google report 17% of Microsoft vulnerabilities. Microsoft and Qihoo, 10% Who finds more vulnerabilities in Microsoft products? What percentage of vulnerabilities are discovered by Microsoft, other companies or vulnerability brokers? How many flaws have unknown discoverers? Over this report we have analyzed...
Sergio De Los Santos Facebook signed one of its apps with a private key shared with other Google Play apps since 2015 Facebook Basics is a Facebook app aimed at countries with poor connectivity, where a free access service to WhatsApp and Facebook is provided. It has been discovered that the Android version...
ElevenPaths Don’t confuse the frequency of an incident with the ease you remember it Imagine that there have been a few robberies in two parks of your town that have got all the attention for days. This afternoon you would like to go...
Innovation and Laboratory Area in ElevenPaths Uncovering APTualizator: the APT that patches Windows By the end of June 2019, we assisted to an incident were a high number of computers had started to reboot abnormally. In parallel, Kaspersky detected a file called swaqp.exe, which apparently...
How to implement Oauth protocol in Powershell (an example with Latch)Florence Broderick 9 April, 2014 Latch already counts with lots of SDKs and plugins, so you can implement it with different languages or use it with your favorite CMS. There is an “unofficial” bash implementation, even. But you may want to experiment with Latch and some Powershell scripting. Since Latch uses some kind of Oauth technique to authenticate, you may use this code to implement any other Oauth protocol with Powershell, with minor changes to this code. Different SDKs and plugins developed so far The best way to deal with this is to create a Powershell module that will export some functions. Creating a module is easy. Just use your editor of choice and write down the functions you need. You will need a Latch account, remember this is just as easy as: Register for free here to get a Latch account in a couple of minutes. Register as a developer. Create your account so you get your Secret and AppId. Download the app for your smartphone: It is available for Android, iOS, Windows Phone and Firefox OS. Coding We will create some funcions so we can interact with the official API. First of all, the constants: Set-Variable API_HOST -option Constant -value "https://latch.elevenpaths.com";Set-Variable API_CHECK_STATUS_URL -option Constant -value "/api/0.6/status";Set-Variable API_PAIR_URL -option Constant -value "/api/0.6/pair";Set-Variable API_UNPAIR_URL -option Constant -value "/api/0.6/unpair"; This will be the code function for the other ones. It will get an URL, the AppId and the Secret. Will return the result (code is simplified): function AuthenticationHeaders{ param( [string] $url, [string] $applicationId, [string] $secretkey ) $requestSignature="GET`n" $date = Get-Date -format u $date = $date.Substring(0,$date.Length-1) $requestSignature+=$date+"`n`n"+$url $sha = new-object System.Security.Cryptography.HMACSHA1 $sha.Key = [Text.Encoding]::ASCII.GetBytes($secretkey) $seedBytes = [Text.Encoding]::ASCII.GetBytes($requestSignature) $digest = $sha.ComputeHash($seedBytes) $base64Encoded = [Convert]::Tobase64String($digest) $wc = New-Object system.net.webclient $wc.Headers.Add("Authorization","11PATHS " + "$($applicationId) $($base64Encoded)") $wc.Headers.Add("X-11Paths-Date", $date) Try { $result = $wc.DownloadString($API_HOST+$url) } Catch { $ErrorMessage = $_.Exception.Message $FailedItem = $_.Exception.ItemName Break } return $result} Now you have the basics, the functionality is easier to achieve. For example, pairing an account would be just this: function Pair{ param( $applicationId, $secretkey, $pairingCode ) $url = "$($API_PAIR_URL)/$($pairingCode)" $result = AuthenticationHeaders $url $applicationId $secretkey return $result} That will just basically call AuthenticationHeaders with the right parameters. To check the status of the account (one of the most important features) just use this, using again the main AuthenticationHeaders function. function Status{ param( $applicationId, $secretkey, $accountID ) $url = "$($API_CHECK_STATUS_URL)/$($accountID)" $result = AuthenticationHeaders $url $applicationId $secretkey return $result} For unpairing: function UnPair{ param( $applicationId, $secretkey, $accountID ) $url = "$($API_UNPAIR_URL)/$($accountID)" $result = AuthenticationHeaders $url $applicationId $secretkey return $result} How to use it There is much more to do and functions to implement, that are left as an exercise to the reader. To use this code, insert a line in the module with the functions you want to export, like: Export-ModuleMember -Function Pair,UnPair,Status Now, you can install this module, (just copying it to %UserProfile%DocumentsWindowsPowerShellModules, for example) and use it like this,. If you named it Latch.ps1, it would be, for example: $l = import-module Latch -ascustomobject$applicationId="bqwRxYXXXXXXX"$secretkey="6O6zi6PDPnLzfVZcXXXXXXXXXXXXXXX"$accountID="543ac56903aee2bc7fa40c88ed274e1XXXXXXXXXXXXXXX"$l.Pair($applicationId,$secretkey,$args[0])$l.Status($applicationId,$secretkey,$accountID)$l.UnPair($applicationId,$secretkey,$accountID) This commands will return a JSON you can parse, just like the specifications in https://latch.elevenpaths.com suggest. An example of using this scripts for pairing, getting the status and unparing For another approach to this problem, the SDK for powershell may be used, that will be available soon. Latch Event Monitor: New tool to integrate Latch with Windows EventsHeartbleed plugin, ready for FaasT
Innovation and Laboratory Area in ElevenPaths Google report 17% of Microsoft vulnerabilities. Microsoft and Qihoo, 10% Who finds more vulnerabilities in Microsoft products? What percentage of vulnerabilities are discovered by Microsoft, other companies or vulnerability brokers? How many flaws have unknown discoverers? Over this report we have analyzed...
Innovation and Laboratory Area in ElevenPaths EasyDoH: our new extension for Firefox that makes DNS over HTTPS simpler A year ago, the IETF has raised to RFC the DNS over HTTPS proposal. This new is more important than it may seem. For two reasons: firstly, it’s a...
Sergio De Los Santos Facebook signed one of its apps with a private key shared with other Google Play apps since 2015 Facebook Basics is a Facebook app aimed at countries with poor connectivity, where a free access service to WhatsApp and Facebook is provided. It has been discovered that the Android version...
ElevenPaths New tool: Masked Extension Control (MEC), don’t trust Windows extensions Windows relies too much on extensions to choose the program that must process a file. For instance, any .doc file will be opened by Word, regardless of its “magic...
Innovation and Laboratory Area in ElevenPaths Five interesting own tools that you may have missed (and a surprise) This time we are going to rehash a blog entry by gathering some of the own tools that we have recently developed and we consider of interest. We summarize...
Innovation and Laboratory Area in ElevenPaths Uncovering APTualizator: the APT that patches Windows By the end of June 2019, we assisted to an incident were a high number of computers had started to reboot abnormally. In parallel, Kaspersky detected a file called swaqp.exe, which apparently...
