IoT Device Search Engines: Why Choose if We Can Use All of Them?
Nacho Brihuega, 5 May 2020

Current IoT device search portals are widely known and used by the hacker community to run queries or to get a first picture of the services enabled during a pentest. Due to the current confinement situation, many organisations had to set up, in a very short time, the infrastructure needed to guarantee that their employees could telework. Using these search engines, a large number of services enabled for this purpose was quickly detected, most of them RDP. At the beginning of the confinement there were 29,657. Ten hours later the figure had risen to 29,835, and to this day (when this post was written) there are 34,753.

Figure: the main cities where technological activity stands out.

Bear in mind: no to public RDP, yes to VPN. This means that RDP services which may be vulnerable to BlueKeep (CVE-2019-0708, https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708) are being exposed because the relevant security patches have not been applied.

What Are the Implications of This?

Since the beginning of the lockdown, a high number of phishing campaigns and malicious file attachments using COVID-19 as bait have already been detected. In the end, the same actors are always behind these threats. To detect peaks like these, or to collect information from these search engines, we should not limit ourselves to one of them, but instead use as many as we can and compare the resulting data. Some search engines are:

- Shodan: https://www.shodan.io/
- Censys: https://censys.io/
- BinaryEdge: https://www.binaryedge.io/. We already talked about it here: https://empresas.blogthinkbig.com/binaryegde-portal-mas-que-un-buscador-de-activos/ (blog post only available in Spanish)
- Onyphe: https://www.onyphe.io/

The Heisenberg Script

As automation is a must, we have collected a couple of scripts for each of the services and unified them into a single one that queries every service, so we can quickly get a first look. I have called this script "Heisenberg"; you can find it in my GitHub. A few questions and answers to understand what the script offers:

- What does it do? It gets the open ports from the Shodan, Censys, BinaryEdge and Onyphe services.
- What is its programming language? Python 3.
- What do we need? A free API key for each of these services.
- Can we export the results? Yes, to .xlsx.

Having seen this, let's move on to using the tool. The -h option displays the help. As you can see there, the script expects to receive the IP addresses in a .txt file via the -i parameter and the API keys in a file via the -a parameter; an example of the API key file and a proof-of-concept run are shown as screenshots in the original post. At the end of the run the output is obtained, and you have the option to export the results to Excel, with the ports found according to each service.

Given the current confinement situation, we would like to take advantage of the functionalities of these services to add some further options, such as an extra column with a summary of the identified ports, or a database connector. We hope you liked it. See you in the next one.
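The post's core idea is to query several search engines for the same IP list and compare what each one reports rather than trusting a single source. The following is an added example written for this page, not the Heisenberg script itself. It assumes an API key file with one `service=key` line per service (the post only shows that file as a screenshot, so the format is an assumption), mirrors the post's `-i` and `-a` parameters, and exports to CSV instead of .xlsx so it needs only the standard library. Only the Shodan adapter is wired to a real endpoint (`GET https://api.shodan.io/shodan/host/{ip}?key=KEY`, whose `ports` field lists the open ports); adapters for Censys, BinaryEdge and Onyphe are left for the reader to add as further entries in `ADAPTERS`. The summary step flags any IP where port 3389 shows up in any source, which is the public-RDP exposure the post warns about.

```python
import argparse
import csv
import json
import sys
import urllib.request

SERVICES = ("shodan", "censys", "binaryedge", "onyphe")
RDP_PORT = 3389  # exposure the post warns about: public RDP instead of VPN


def parse_api_keys(text):
    """Parse `service=key` lines (assumed file format) into {service: key}."""
    keys = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if "=" not in line:
            raise ValueError(f"malformed key line: {raw!r}")
        service, key = (part.strip() for part in line.split("=", 1))
        if service.lower() not in SERVICES:
            raise ValueError(f"unknown service: {service}")
        keys[service.lower()] = key
    return keys


def parse_ip_list(text):
    """One IP per line (the -i file); blanks/comments ignored, duplicates collapsed."""
    seen, ips = set(), []
    for raw in text.splitlines():
        ip = raw.strip()
        if ip and not ip.startswith("#") and ip not in seen:
            seen.add(ip)
            ips.append(ip)
    return ips


def shodan_ports(ip, key, opener=urllib.request.urlopen):
    """Shodan host lookup; the JSON 'ports' field holds the open ports."""
    url = f"https://api.shodan.io/shodan/host/{ip}?key={key}"
    with opener(url, timeout=15) as resp:
        data = json.load(resp)
    return {int(p) for p in data.get("ports", [])}


# Per-service adapters: callable(ip, key) -> set of open ports. Only Shodan here.
ADAPTERS = {"shodan": shodan_ports}


def aggregate(ips, fetchers):
    """fetchers: {service: callable(ip) -> set[int]}. A failing service
    (quota, timeout, unknown host) records None instead of aborting the run."""
    results = {}
    for ip in ips:
        per_service = {}
        for name, fetch in fetchers.items():
            try:
                per_service[name] = fetch(ip)
            except Exception:
                per_service[name] = None
        results[ip] = per_service
    return results


def summarize(per_service):
    """Compare sources for one IP: which answered, the union of everything
    seen, the ports all sources agree on, and whether RDP appears anywhere."""
    answered = {s: p for s, p in per_service.items() if p is not None}
    union = set().union(*answered.values()) if answered else set()
    agreed = set.intersection(*answered.values()) if answered else set()
    return {"sources": sorted(answered), "union": sorted(union),
            "all_agree": sorted(agreed), "rdp_exposed": RDP_PORT in union}


def write_csv(results, fp):
    """One row per IP: a column per service plus the summary columns."""
    fmt = lambda ports: " ".join(str(p) for p in sorted(ports))
    writer = csv.writer(fp)
    writer.writerow(["ip", *SERVICES, "union", "all_agree", "rdp_exposed"])
    for ip, per_service in results.items():
        s = summarize(per_service)
        cells = ["n/a" if per_service.get(svc) is None else fmt(per_service[svc])
                 for svc in SERVICES]
        writer.writerow([ip, *cells, fmt(s["union"]), fmt(s["all_agree"]), s["rdp_exposed"]])


def main(argv=None):
    ap = argparse.ArgumentParser(description="Open ports per IP across scan services")
    ap.add_argument("-i", required=True, help="text file with one IP per line")
    ap.add_argument("-a", required=True, help="text file with service=key lines")
    ap.add_argument("-o", help="write CSV to this path (default: stdout)")
    args = ap.parse_args(argv)
    with open(args.a) as f:
        keys = parse_api_keys(f.read())
    with open(args.i) as f:
        ips = parse_ip_list(f.read())
    # Only services with both a key and an adapter are queried.
    fetchers = {svc: (lambda ip, s=svc: ADAPTERS[s](ip, keys[s]))
                for svc in keys if svc in ADAPTERS}
    out = open(args.o, "w", newline="") if args.o else sys.stdout
    write_csv(aggregate(ips, fetchers), out)
    if out is not sys.stdout:
        out.close()


if __name__ == "__main__":
    main()
```

Run as `python heisenberg_like.py -i ips.txt -a keys.txt -o ports.csv`. The `all_agree` column is the useful comparison: a port that only one source reports may be stale scan data or a host that has since been patched or firewalled, while a port every source confirms deserves immediate attention, and `rdp_exposed` gives a one-glance list of hosts to move behind a VPN.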