ElevenPaths We Announce Our Digital Operation Centers, Where All Our Digital Services Are Focused The Telefónica Cybersecurity Unit holds its VII Security Innovation Day, under the motto ‘Guards for Digital Lives.’With speakers such as Chema Alonso, Pedro Pablo Pérez, Julia Perea and Ester...
Innovation and Laboratory Area in ElevenPaths Google report 17% of Microsoft vulnerabilities. Microsoft and Qihoo, 10% Who finds more vulnerabilities in Microsoft products? What percentage of vulnerabilities are discovered by Microsoft, other companies or vulnerability brokers? How many flaws have unknown discoverers? Over this report we have analyzed...
ElevenPaths Telefónica and ElevenPaths integrate its digital signature solution and biometric SealSign with Microsoft Azure The company presents its latest developments at the 5th Security Innovation Day TELEFÓNICA INTEGRATES ITS DIGITAL SIGNATURE SOLUTION AND BIOMETRIC SEALSIGN WITH MICROSOFT AZURE This integration of the SealSign platform with...
ElevenPaths How are we preparing ourselves for the RSA Conference 2018? 2018 is a unique year for us. We continue on our journey with the great security community to jointly combat the threats faced by our sector. At ElevenPaths, Telefónica’s...
ElevenPaths We Announce Our Digital Operation Centers, Where All Our Digital Services Are Focused The Telefónica Cybersecurity Unit holds its VII Security Innovation Day, under the motto ‘Guards for Digital Lives.’With speakers such as Chema Alonso, Pedro Pablo Pérez, Julia Perea and Ester...
Innovation and Laboratory Area in ElevenPaths EasyDoH Update Hot off the Press: New Improvements and Functionalities Just a few weeks ago, we launched EasyDoH: an extension for Firefox that simplifies the use of DNS over HTTPS. We have been asked about its improvements and several...
ElevenPaths New research: Docless Vietnam APT. A very interesting malware against Vietnam Government We have detected a malware sent to some email accounts belonging to a Vietnam government domain. This email is written in Vietnamese and is dated March 13th, 2019. It seems to...
ElevenPaths New tool: PySCTChecker This is a “Quick and dirty” Python script for checking if a domain properly implements Certificate Transparency. If so, it is possible to observe how Certificate Transparency is implemented...
ElevenPaths We Announce Our Digital Operation Centers, Where All Our Digital Services Are Focused The Telefónica Cybersecurity Unit holds its VII Security Innovation Day, under the motto ‘Guards for Digital Lives.’With speakers such as Chema Alonso, Pedro Pablo Pérez, Julia Perea and Ester...
Innovation and Laboratory Area in ElevenPaths Google report 17% of Microsoft vulnerabilities. Microsoft and Qihoo, 10% Who finds more vulnerabilities in Microsoft products? What percentage of vulnerabilities are discovered by Microsoft, other companies or vulnerability brokers? How many flaws have unknown discoverers? Over this report we have analyzed...
ElevenPaths The hugest collection of usernames and passwords has been filtered…or not (I) Sometimes, someone frees by mistake (or not) an enormous set of text files with millions of passwords inside. An almost endless list of e-mail accounts with their passwords or...
Innovation and Laboratory Area in ElevenPaths Google report 17% of Microsoft vulnerabilities. Microsoft and Qihoo, 10% Who finds more vulnerabilities in Microsoft products? What percentage of vulnerabilities are discovered by Microsoft, other companies or vulnerability brokers? How many flaws have unknown discoverers? Over this report we have analyzed...
How to implement Oauth protocol in Powershell (an example with Latch)Florence Broderick 9 April, 2014 Latch already counts with lots of SDKs and plugins, so you can implement it with different languages or use it with your favorite CMS. There is an “unofficial” bash implementation, even. But you may want to experiment with Latch and some Powershell scripting. Since Latch uses some kind of Oauth technique to authenticate, you may use this code to implement any other Oauth protocol with Powershell, with minor changes to this code. Different SDKs and plugins developed so far The best way to deal with this is to create a Powershell module that will export some functions. Creating a module is easy. Just use your editor of choice and write down the functions you need. You will need a Latch account, remember this is just as easy as: Register for free here to get a Latch account in a couple of minutes. Register as a developer. Create your account so you get your Secret and AppId. Download the app for your smartphone: It is available for Android, iOS, Windows Phone and Firefox OS. Coding We will create some funcions so we can interact with the official API. First of all, the constants: Set-Variable API_HOST -option Constant -value "https://latch.elevenpaths.com";Set-Variable API_CHECK_STATUS_URL -option Constant -value "/api/0.6/status";Set-Variable API_PAIR_URL -option Constant -value "/api/0.6/pair";Set-Variable API_UNPAIR_URL -option Constant -value "/api/0.6/unpair"; This will be the code function for the other ones. It will get an URL, the AppId and the Secret. Will return the result (code is simplified): function AuthenticationHeaders{ param( [string] $url, [string] $applicationId, [string] $secretkey ) $requestSignature="GET`n" $date = Get-Date -format u $date = $date.Substring(0,$date.Length-1) $requestSignature+=$date+"`n`n"+$url $sha = new-object System.Security.Cryptography.HMACSHA1 $sha.Key = [Text.Encoding]::ASCII.GetBytes($secretkey) $seedBytes = [Text.Encoding]::ASCII.GetBytes($requestSignature) $digest = $sha.ComputeHash($seedBytes) $base64Encoded = [Convert]::Tobase64String($digest) $wc = New-Object system.net.webclient $wc.Headers.Add("Authorization","11PATHS " + "$($applicationId) $($base64Encoded)") $wc.Headers.Add("X-11Paths-Date", $date) Try { $result = $wc.DownloadString($API_HOST+$url) } Catch { $ErrorMessage = $_.Exception.Message $FailedItem = $_.Exception.ItemName Break } return $result} Now you have the basics, the functionality is easier to achieve. For example, pairing an account would be just this: function Pair{ param( $applicationId, $secretkey, $pairingCode ) $url = "$($API_PAIR_URL)/$($pairingCode)" $result = AuthenticationHeaders $url $applicationId $secretkey return $result} That will just basically call AuthenticationHeaders with the right parameters. To check the status of the account (one of the most important features) just use this, using again the main AuthenticationHeaders function. function Status{ param( $applicationId, $secretkey, $accountID ) $url = "$($API_CHECK_STATUS_URL)/$($accountID)" $result = AuthenticationHeaders $url $applicationId $secretkey return $result} For unpairing: function UnPair{ param( $applicationId, $secretkey, $accountID ) $url = "$($API_UNPAIR_URL)/$($accountID)" $result = AuthenticationHeaders $url $applicationId $secretkey return $result} How to use it There is much more to do and functions to implement, that are left as an exercise to the reader. To use this code, insert a line in the module with the functions you want to export, like: Export-ModuleMember -Function Pair,UnPair,Status Now, you can install this module, (just copying it to %UserProfile%DocumentsWindowsPowerShellModules, for example) and use it like this,. If you named it Latch.ps1, it would be, for example: $l = import-module Latch -ascustomobject$applicationId="bqwRxYXXXXXXX"$secretkey="6O6zi6PDPnLzfVZcXXXXXXXXXXXXXXX"$accountID="543ac56903aee2bc7fa40c88ed274e1XXXXXXXXXXXXXXX"$l.Pair($applicationId,$secretkey,$args[0])$l.Status($applicationId,$secretkey,$accountID)$l.UnPair($applicationId,$secretkey,$accountID) This commands will return a JSON you can parse, just like the specifications in https://latch.elevenpaths.com suggest. An example of using this scripts for pairing, getting the status and unparing For another approach to this problem, the SDK for powershell may be used, that will be available soon. Latch Event Monitor: New tool to integrate Latch with Windows EventsHeartbleed plugin, ready for FaasT
Sergio De Los Santos New App to Clean Metadata More Easily We are not going to repeat the dangers of metadata, since it has been discussed for quite some time now. However, we can try to make its management and cleaning simpler. Some...
ElevenPaths We Announce Our Digital Operation Centers, Where All Our Digital Services Are Focused The Telefónica Cybersecurity Unit holds its VII Security Innovation Day, under the motto ‘Guards for Digital Lives.’With speakers such as Chema Alonso, Pedro Pablo Pérez, Julia Perea and Ester...
Innovation and Laboratory Area in ElevenPaths EasyDoH Update Hot off the Press: New Improvements and Functionalities Just a few weeks ago, we launched EasyDoH: an extension for Firefox that simplifies the use of DNS over HTTPS. We have been asked about its improvements and several...
Innovation and Laboratory Area in ElevenPaths Google report 17% of Microsoft vulnerabilities. Microsoft and Qihoo, 10% Who finds more vulnerabilities in Microsoft products? What percentage of vulnerabilities are discovered by Microsoft, other companies or vulnerability brokers? How many flaws have unknown discoverers? Over this report we have analyzed...
Innovation and Laboratory Area in ElevenPaths EasyDoH: our new extension for Firefox that makes DNS over HTTPS simpler A year ago, the IETF has raised to RFC the DNS over HTTPS proposal. This new is more important than it may seem. For two reasons: firstly, it’s a...
Sergio De Los Santos Facebook signed one of its apps with a private key shared with other Google Play apps since 2015 Facebook Basics is a Facebook app aimed at countries with poor connectivity, where a free access service to WhatsApp and Facebook is provided. It has been discovered that the Android version...
