Hidden Networks

Hidden Networks is a PoC programmed in Python 3.4. It facilitates the task of analysing local and remote machines in search of traces of connections by USB devices.

Description

There are three main operations: extracting information from the local machine, extracting information from a list of computers on a network (domain), or directly plotting the network from a previously generated CSV file. Before performing any of these operations (except plotting a single CSV), you must create or open a project.

- Extract information from the local machine (“Get local registry info”). Information on the USB devices that have been inserted into the machine running the application can be viewed or stored (if we select the option “Save output to CSV file”) in the CSV and JSON export files. Finally, we can visualize the resulting network by selecting the option “Plot Project”.
- Extract information from machines on the network (“Retrieve remote info”). The step preceding this operation is to create a text file with the IP addresses of the computers to be audited or their FQDN. Once that list has been created, it must be loaded by selecting “Load list of computers”. Once the list has been loaded, the administrator’s username and password must be entered (the domain is not necessary; by default, the domain of the machine from which the application is being executed will be used). The state of execution and the extracted data will be shown in the window “Output”. This data will also be stored in the project’s CSV and JSON files. Finally, we can view the resulting network by selecting the option “Plot Project”.
- Plot the network with a CSV file (“Plot single CSV”). With this option, a network previously generated by the application can be plotted directly.

Functionalities

Hidden Networks is a new proof of concept, based on this paper, that is programmed using Python 3.4. It facilitates the task of analysing local and remote machines (within a domain, using WMI) in search of traces of connections by USB devices. With the information that is collected, this proof of concept plots a network that shows the path or jumps between such USB devices and the computers to which they have been connected. In this way, an alternative network is depicted. The application generates one network for each device, and all of the collected information is stored in two files (.CSV and .JSON) for subsequent analysis and export.
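The sketch below is an added example, not code from the Hidden Networks project: it shows how per-device "jumps" between computers can be derived from collected USB connection records. The CSV column names, host names, serials and timestamps are constructed assumptions and do not reflect the tool's real export schema.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed sample export; column names are assumptions, not the tool's real schema.
SAMPLE_CSV = """computer,usb_serial,usb_name,first_connected
PC-FINANCE,AA11BB22,Kingston DataTraveler,2017-03-01T09:15:00
PC-LAB,AA11BB22,Kingston DataTraveler,2017-03-04T16:40:00
PC-ISOLATED,AA11BB22,Kingston DataTraveler,2017-03-02T11:05:00
PC-LAB,CC33DD44,SanDisk Cruzer,2017-03-05T08:00:00
PC-FINANCE,CC33DD44,SanDisk Cruzer,2017-03-03T10:30:00
PC-HR,EE55FF66,Generic Flash Disk,2017-03-06T12:00:00
"""

def load_records(text):
    """Parse CSV rows into (computer, serial, timestamp) tuples."""
    rows = csv.DictReader(io.StringIO(text))
    return [(r["computer"], r["usb_serial"],
             datetime.fromisoformat(r["first_connected"])) for r in rows]

def device_paths(records):
    """For each USB serial, list the computers it touched in chronological order."""
    seen = defaultdict(dict)
    for computer, serial, ts in records:
        # Keep the earliest sighting of a device on each computer.
        if computer not in seen[serial] or ts < seen[serial][computer]:
            seen[serial][computer] = ts
    return {s: [c for c, _ in sorted(hosts.items(), key=lambda kv: kv[1])]
            for s, hosts in seen.items()}

def hidden_links(paths):
    """Collapse per-device paths into computer-to-computer edges, labelled by serial."""
    edges = defaultdict(set)
    for serial, hosts in paths.items():
        for src, dst in zip(hosts, hosts[1:]):
            edges[(src, dst)].add(serial)
    return dict(edges)

if __name__ == "__main__":
    paths = device_paths(load_records(SAMPLE_CSV))
    for serial, hosts in paths.items():
        print(serial, " -> ".join(hosts))
    for (src, dst), serials in hidden_links(paths).items():
        print(f"{src} => {dst} via {sorted(serials)}")
```

A device seen on only one computer yields a path with no edges, so it contributes nothing to the alternative network; an edge that reaches a host with no ordinary network connectivity is the kind of link an auditor would review first.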

Recover Popcorn

This tool recovers the password required to decrypt files encrypted by the first version of the PopCorn ransomware, which appeared at the end of 2016.

Wannacry File Restorer

Wannacry File Restorer is a PoC that recovers files left in the middle of the Wannacry malware encryption process on a computer.

Antiransomware

Antiransomware is a tool that adds a layer of authorization to “protected” folders on Windows systems so that any write or delete operation on their files is denied.