Boosting Security: New Tools for Analyzing Extensions, Auditing OS Updates, and More
Recently, the cybersecurity community has unveiled several innovative tools designed to enhance the security of various platforms and applications. These advancements address a broad range of objectives, from analyzing browser extensions to auditing operating systems for missing security updates.
BootExecuteEDR, created by researcher Rad, is a tool engineered to disable Endpoint Detection and Response (EDR) solutions using local native applications. It relies on the Boot Execute mechanism, which lets native applications run before Windows is fully initialized, thereby bypassing security measures. The method requires administrative privileges and access to system directories.
CRXaminer serves as a utility for scrutinizing Chrome extensions for vulnerabilities. It examines how extensions interact with data and assesses their permissions. CRXaminer can be utilized either locally or online, with its source code available on GitHub and an online version accessible via the official website.
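A permission review of the kind described above can be sketched as follows. This is an added example, not CRXaminer's code or rule set: the function name `audit_manifest`, the triage lists, the severity labels and the sample manifest are assumptions made for illustration.

```python
import json

# Assumed triage lists for this example; they are not CRXaminer's rule set.
SENSITIVE_APIS = {
    "cookies": "read and modify cookies on permitted hosts",
    "webRequest": "observe network requests",
    "history": "read browsing history",
    "tabs": "read the URL and title of every tab",
    "debugger": "attach the DevTools protocol to tabs",
    "nativeMessaging": "exchange messages with a native host process",
    "scripting": "inject scripts into permitted pages",
}
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def audit_manifest(manifest):
    """Return a sorted list of (severity, finding) for a parsed manifest.json."""
    findings = set()
    # Manifest V2 mixes host patterns into "permissions"; V3 moves them to
    # "host_permissions". Optional entries are granted only after a prompt.
    fields = [("permissions", False), ("host_permissions", False),
              ("optional_permissions", True), ("optional_host_permissions", True)]
    for field, optional in fields:
        for perm in manifest.get(field, []):
            if not isinstance(perm, str):
                continue  # ignore malformed or object-style entries
            if perm in BROAD_HOSTS:
                sev = "medium" if optional else "high"
                findings.add((sev, f"{field}: broad host access {perm}"))
            elif perm in SENSITIVE_APIS:
                sev = "low" if optional else "medium"
                findings.add((sev, f"{field}: {perm} ({SENSITIVE_APIS[perm]})"))
    for script in manifest.get("content_scripts", []):
        for pattern in script.get("matches", []):
            if pattern in BROAD_HOSTS:
                findings.add(("high", f"content_scripts: injected on {pattern}"))
    return sorted(findings)

# Constructed sample manifest, not taken from any real extension.
SAMPLE = json.loads("""{
  "manifest_version": 3, "name": "Constructed Sample", "version": "1.0",
  "permissions": ["storage", "cookies", "tabs"],
  "host_permissions": ["https://*/*"],
  "optional_permissions": ["history"],
  "content_scripts": [{"matches": ["<all_urls>"], "js": ["content.js"]}]
}""")

if __name__ == "__main__":
    for severity, finding in audit_manifest(SAMPLE):
        print(f"[{severity}] {finding}")
```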
Malimite, developed by security specialist LaurieWired, is a tool designed for decompiling iOS applications. Built on Ghidra, it supports Swift, Objective-C, and iOS resources. Malimite enables researchers to analyze and decode IPA files, offering deeper insights into the architecture and functionality of iOS applications.
Vanir, a tool created by Google, identifies missing security updates in Android systems. It employs static code analysis to detect vulnerabilities and automates the auditing process. Vanir is suitable for developers and Android device maintainers alike. While initially tailored for Android, the tool can be adapted to other ecosystems with minimal adjustments.
These tools showcase diverse approaches to tackling security challenges, ranging from application analysis to ensuring the timeliness of updates. Each provides researchers and developers with new opportunities to explore and fortify data protection in their respective domains.