Do You Dare to Develop a TheTHE Plugin? #EquinoxRoom111 Contest

Innovation and Laboratory Area in ElevenPaths
21 April, 2020

An IOC lands in your hands: a hash, URL, IP or suspicious domain, for instance. You need to find out some basic information. Is it malware? Is it in any repository? Since when? Whois? Country of origin? Is it in pastebin? You start opening tabs, entering passwords in the different services and launching queries. With luck, you have an API shared with a co-worker and, after checking several systems, you open a TXT file to copy the data over to the intelligence platform. Your co-worker, who shares those APIs and passwords with you but sits at a computer elsewhere in the world, does the same because the same IOC has also reached their hands.

TheTHE puts an end to this. The more plugins, the better. It doesn't matter if an API key or a password is required; anything is possible. So we encourage you to participate in this contest.

How Do I Participate?

The challenge is to develop a plugin for TheTHE that does not already exist. You can see the whole list at https://thethe.e-paths.com, along with the link to the tool, how to install it, etc. Some ready-made plugins are: abuseipdb, DIARIO, emailrep, geoip, haveibeenpwned, hunterio, maltiverse, metagoofil, pastebin, phishtank, robtex, sherlock, shodan, tacyt, urlscan, verifymail, virustotal, whois, etc.

How Should I Do It?

If you wish to take part, you must be familiar with Python and Vue. The detailed instructions to develop a plugin can be found here: https://github.com/ElevenPaths/thethe/wiki/How-to-create-a-Plugin-(backend)

What Is Evaluated?

The features of the plugin that will be evaluated are its originality, how well it is programmed, its usefulness, etc. Everything related to IoCs and Threat Intelligence is valid, whether accessible by API or command line tools. Some ideas: AlienVault, CrowdStrike, Team-Cymru, MalwareCheck, blockchain.info, ThreatGrid, etc. Please note that if a paid API key is required, we may not be able to evaluate the plugin.

Where Do I Send It? What Is the Deadline?

You can send your solutions to labs@11paths.com until May 15, 2020 at 12am (Spanish time). You will receive a confirmation of receipt of the plugin. We will announce the winner by the end of May.

What Is the Prize?

The prize is an Amazon Gift Card worth 111 euros. Even if you don't win, we will publish your plugin, explicitly mentioning you, on our TheTHE GitHub.