EmetRules: The tool to create «Pin Rules» in EMET

ElevenPaths, 6 December 2013

EMET, the Microsoft tool, introduced in version 4.0 the ability to pin root certificates to domains, in Internet Explorer only. Although useful and necessary, the ability to associate domains with certificates does not seem to be widely used nowadays. It can be hard to set up and use… we have tried to fix that with EmetRules.

To pin a domain with EMET it is necessary to:

1. Check the certificate in that domain
2. Check its root certificate
3. Check its thumbprint
4. Create the rule locating the certificate in the store
5. Pin the domain with its rule

The steps are summarized in this figure:

[figure]

It is quite a tedious process, even more so if your goal is to pin a large number of domains at once. At Eleven Paths we have studied how EMET works and created EmetRules, a small command-line tool that completes all the work in just one step. It also supports batch work. It will connect to the domain or list indicated, visit port 443, extract the SubjectKey from its root certificate, validate the certificate chain, create the rule in EMET and pin it to the domain. All in one step.

[Figure: EmetRules by ElevenPaths]

The way it works is simple. The tool needs a list of domains and will create the corresponding XML file, ready to be imported into EMET, even from the tool itself (command line). Some options are:

Parameters:

- «urls.txt»: a file containing the domains, separated by «\n». Domains may or may not include «www». If not, EMET will try both, unless stated otherwise with the «d» option (see below).
- «output.xml»: the path and filename of the output file where the XML config file that EMET needs will be created. If it already exists, the program will ask whether it should overwrite it, unless stated otherwise with the «-s» option (see below).

Options:

- t|timeout=X. Sets the timeout in milliseconds for the request. Between 500 and 1000 is recommended, but it depends on the threads used. 0 (the default) means no timeout. In this case, the program will try the connection until it expires.
- «s». Silent mode. No output is generated and no questions are asked. Once finished, it will not ask whether you wish to import the generated XML into EMET.
- «e». Generates a TXT file named «error.txt» listing the domains that produced any errors during connection. This list may be used again as input for the program.
- «d». Disables double checking, that is, trying to connect to both the main domain and the «www» subdomain. If the domain with «www» is used in «urls.txt», no other will be connected. If not, both will be connected. With this option, it will not.
- c|concurrency=X. Sets the number of threads the program will run with. 8 are recommended. By default, only one will be used.
- «u». Every time the program runs, it contacts central servers to check for a new version. This option disables that check.

The tool is intended mainly for admins or power users who use Internet Explorer and want to receive an alert when a connection to a domain is suspected of being «altered». The pinning system in EMET is far from perfect, and even the warning displayed is very shy (it still allows the user to reach the suspected site), but we think it is the first step towards what will surely be an improved feature in the future.

It may be downloaded from: http://elevenpaths.com/downloads/emetrules.zip

We encourage you to use it.
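The batch flow described above (expand the domain list, record the thumbprint of each domain's root certificate, list the domains that failed, then alert when a later chain ends in a different root), as an added example that is not EmetRules code. The certificates are constructed byte strings, `fetch_chain` is a hypothetical stand-in for the connection to port 443, and chain validation and the EMET XML output are not modelled.

```python
import hashlib

def thumbprint(der: bytes) -> str:
    """SHA-1 over the DER encoding: the value Windows shows as Thumbprint."""
    return hashlib.sha1(der).hexdigest().upper()

def expand_targets(lines, double_check=True):
    """Hosts to probe for a urls.txt-style list; double_check=False models «d»."""
    targets = []
    for raw in lines:
        host = raw.strip().lower()
        if not host:
            continue
        candidates = [host]
        if double_check and not host.startswith("www."):
            candidates.append("www." + host)
        targets += [c for c in candidates if c not in targets]
    return targets

def build_rules(targets, fetch_chain):
    """Map each host to its root thumbprint; failures go to the error list («e»)."""
    rules, errors = {}, []
    for host in targets:
        chain = fetch_chain(host)      # leaf first, root last; None on failure
        if not chain:
            errors.append(host)
            continue
        rules[host] = thumbprint(chain[-1])
    return rules, errors

def check_pin(rules, host, chain):
    """Return 'unpinned', 'ok', or 'alert' if the root differs from the pinned one."""
    pinned = rules.get(host.lower())
    if pinned is None:
        return "unpinned"
    return "ok" if thumbprint(chain[-1]) == pinned else "alert"

# Constructed stand-ins for DER certificates (not real certificates).
ROOT_A, ROOT_B = b"constructed-root-A", b"constructed-root-B"
SAMPLE_CHAINS = {
    "example.com": [b"leaf-1", b"intermediate-1", ROOT_A],
    "www.example.com": [b"leaf-2", b"intermediate-1", ROOT_A],
    "www.example.org": [b"leaf-3", ROOT_B],
}

def demo():
    targets = expand_targets(["example.com", "www.example.org", "example.net"])
    rules, errors = build_rules(targets, SAMPLE_CHAINS.get)
    other_root = [b"leaf-x", ROOT_B]   # chain that ends in a different root
    return targets, rules, errors, check_pin(rules, "example.com", other_root)

if __name__ == "__main__":
    print(demo())
```

The last value returned by `demo()` is the case the pin exists for: a chain for a pinned domain that ends in a root other than the one recorded.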