Innovation and Laboratory Area in ElevenPaths Uncovering APTualizator: the APT that patches Windows By the end of June 2019, we assisted to an incident were a high number of computers had started to reboot abnormally. In parallel, Kaspersky detected a file called swaqp.exe, which apparently...
Innovation and Laboratory Area in ElevenPaths #CyberSecurityReport19H1: 45,000 apps removed from Google Play, 2% of them detected by antiviruses Currently, there are a number of reports addressing trends and summaries on security. However, at ElevenPaths we want to make a difference. Our Innovation and Labs team has just...
ElevenPaths Trend Report: State of Cybersecurity in Spanish companies The team of analysts at ElevenPaths has carried out a study that aims to show the state of cybersecurity of both Spanish companies in general and those included in...
ElevenPaths #CyberSecurityPulse: Oops, I Went Running and I Published Information From Secret Locations The popular fitness tracking app Strava proudly published a 2017 heat map showing activities from its users around the world, but unfortunately, the map revealed locations of the United...
Innovation and Laboratory Area in ElevenPaths EasyDoH: our new extension for Firefox that makes DNS over HTTPS simpler A year ago, the IETF has raised to RFC the DNS over HTTPS proposal. This new is more important than it may seem. For two reasons: firstly, it’s a...
Sergio De Los Santos Facebook signed one of its apps with a private key shared with other Google Play apps since 2015 Facebook Basics is a Facebook app aimed at countries with poor connectivity, where a free access service to WhatsApp and Facebook is provided. It has been discovered that the Android version...
ElevenPaths #CyberSecurityPulse: Guess Riddle… How Is Information Stored In a Bitcoin Address? As we have seen in previous post on ElevenPaths blog, the OP_RETURN field of a Bitcoin transaction is used to store a small portion of information (up to 80...
ElevenPaths Technically analysing a SIEM… are your logs secure? The SIEMs are usually utilized within highly secure of regulated environments, where regular log monitoring and analysis is required to search for security incidents. They help to make...
Sergio De Los Santos Facebook signed one of its apps with a private key shared with other Google Play apps since 2015 Facebook Basics is a Facebook app aimed at countries with poor connectivity, where a free access service to WhatsApp and Facebook is provided. It has been discovered that the Android version...
ElevenPaths New tool: Masked Extension Control (MEC), don’t trust Windows extensions Windows relies too much on extensions to choose the program that must process a file. For instance, any .doc file will be opened by Word, regardless of its “magic...
ElevenPaths Tackling Cybercrime: Three Recommendations for 2018 In 2017 we saw ransomware variants such as Wannacry wreak havoc across computer networks in the UK. Not only were these variants of malware almost impossible to remove from...
ElevenPaths Why you are late delivering all your projects and what you can do to address it Anyone who causes harm by forecasting should be treated as either a fool or a liar. Some forecasters cause more damage to society than criminals. —Nassim Taleb, The Black Swan, 2007 In 1957,...
New plugins for FOCA: HaveIBeenPwned and SQLiElevenPaths 19 March, 2018 Following the publication of Foca OpenSource, a lot of people are now enthusiatic about the idea of adding new plugins or improving existing ones. On this occasion, we present two new plugins to get even more out of FOCA. In a joint effort between the Laboratory team and CSAs team, mainly, at the hands of José Sperk and Carlos Ávila, we have set to work to improve a plugin which has been in high demand: the one of SQLinjection. To do this, we have decided to interact with one of the most utilised hacking tools in the market, the famous SQLMap. From this, we have advanced with the development of a plugin which allows us to detect and exploit SQL injection vulnerabilities in web applications, using REST-JSON API of SQLMap, but from a friendlier and more well-known graphic environment, such as that of the FOCA. The following video shows you how to download and utilise the SQLI plugin in FOCA, taking into account that previously you must download and install SQLMap on your computer to launch the scans from there. If you prefer or you have installed SQLMap on another computer, you can also select “Remote Server API” and connect from the FOCA OpenSource to launch scans remotely As if that was not enough, we have also created another new haveibeenpwned plugin for Foca which interacts through the https://haveibeenpwned.com/ APIs and with http://hesidohackeado.es/. In this way, the email addresses which you find whilst analyzing the metadata with FOCA OpenSource, can be directly consulted from the application against those two data bases. Likewise, if you have a file with an address list which you want to verify, you can do it directly from this plugin. The following video shows how it works. Finally, we have released the source code for PluginApi.dll, in charge of communicating the plugins with FOCA, providing different options to make the most of the results of the analyses of which we carry out. Remember that if you want to add new plugins, we have provided several examples that contain everything you need to develop a new one. All of this is available in our FOCA market, where you are welcome to participate with your proposals. Claudio Caracciolo Team Leader of the CSA and the Bs. As. Research Office at ElevenPaths Innovation and Laboratory claudio.caracciolo@11paths.com @holesec #CyberSecurityPulse: Biggest-Ever DDoS Attack Hits Github Website#CyberSecurityPulse: PyeongChang Olympics: A New False Flag Attack?
Innovation and Laboratory Area in ElevenPaths EasyDoH: our new extension for Firefox that makes DNS over HTTPS simpler A year ago, the IETF has raised to RFC the DNS over HTTPS proposal. This new is more important than it may seem. For two reasons: firstly, it’s a...
Sergio De Los Santos Facebook signed one of its apps with a private key shared with other Google Play apps since 2015 Facebook Basics is a Facebook app aimed at countries with poor connectivity, where a free access service to WhatsApp and Facebook is provided. It has been discovered that the Android version...
ElevenPaths New tool: Masked Extension Control (MEC), don’t trust Windows extensions Windows relies too much on extensions to choose the program that must process a file. For instance, any .doc file will be opened by Word, regardless of its “magic...
Innovation and Laboratory Area in ElevenPaths Five interesting own tools that you may have missed (and a surprise) This time we are going to rehash a blog entry by gathering some of the own tools that we have recently developed and we consider of interest. We summarize...
Innovation and Laboratory Area in ElevenPaths Uncovering APTualizator: the APT that patches Windows By the end of June 2019, we assisted to an incident were a high number of computers had started to reboot abnormally. In parallel, Kaspersky detected a file called swaqp.exe, which apparently...
Innovation and Laboratory Area in ElevenPaths #CyberSecurityReport19H1: 45,000 apps removed from Google Play, 2% of them detected by antiviruses Currently, there are a number of reports addressing trends and summaries on security. However, at ElevenPaths we want to make a difference. Our Innovation and Labs team has just...
