Thursday, August 20, 2020

Sinter - A User-Mode Application Authorization System For MacOS Written In Swift


Sinter is a 100% user-mode endpoint security agent for macOS 10.15 and above, written in Swift.
Sinter uses the user-mode EndpointSecurity API to subscribe to and receive authorization callbacks from the macOS kernel, for a set of security-relevant event types. The current version of Sinter supports allowing/denying process executions; in future versions we intend to support other types of events such as file, socket, and kernel events.
Sinter is a work-in-progress. Feedback is welcome. If you are interested in contributing or sponsoring us to help achieve its potential, let's get in touch.

Features
  • Allow or deny process execution by code directory hash (aka "CD hash")
    • option to deny all unknown programs (any program that is not explicitly allowed)
    • option to deny all unsigned programs
    • option to deny all programs with invalid signatures
  • "monitor" mode to track and log (but allow) all process execution events
  • Accepts allow/deny rules from a Santa sync-server
  • Configure deny rules in JSON, provided locally or by a sync-server
  • Log to the local filesystem in a structured JSON format
Planned upcoming features:

Anti-Features
  • Does not use kernel extensions (which will be officially deprecated in macOS 11 Big Sur)
  • Does not support legacy macOS (10.14 or older)
  • Does not use any memory unsafe code
  • Limits third-party library dependencies
  • Not an anti-malware or anti-virus. No signature database. Denies only what you tell it to deny, using rules.

Background
The first open-source macOS solution for allowing/denying processes was Google Santa. We're fans of Santa, and have contributed to its codebase in the past. For a long time, however, many in the macOS community have asked for an open-source solution to track and manage more than just process events.
We saw the ideal platform to build such a capability with the EndpointSecurity API in macOS 10.15. Starting from the ground-up around a strictly user-mode API meant that we could attempt a simpler design, and use a modern programming language with safer memory handling and better performance. Thus, we set out to develop Sinter, short for "Sinter Klausen," another name for Santa Claus.

Getting Started
Download and install the latest version of Sinter using the pkg installer link from the Releases page.
After installing Sinter, you must grant the "Full Disk Access" permission to Sinter.app; without it the EndpointSecurity client cannot be created. Open System Preferences > Security & Privacy > Privacy tab > Full Disk Access and check the entry for Sinter.app. If your endpoints are enrolled in MDM, this permission can be granted by policy (a Privacy Preferences Policy Control profile), so no user interaction is required.

Configuration
Sinter requires a configuration file to be present at /etc/sinter/config.json. An example is provided in the source tree at ./config/config.json (shown here as valid JSON, without trailing commas):
{
  "Sinter": {
    "decision_manager": "local",
    "logger": "filesystem",

    "allow_unsigned_programs": "true",
    "allow_invalid_programs": "true",
    "allow_unknown_programs": "true",
    "allow_expired_auth_requests": "true",
    "allow_misplaced_applications": "true",

    "config_update_interval": 600,

    "allowed_application_directories": [
      "/bin",
      "/usr/bin",
      "/usr/local/bin",
      "/Applications",
      "/System",
      "/usr/sbin",
      "/usr/libexec"
    ]
  },

  "FilesystemLogger": {
    "log_file_path": "/var/log/sinter.log"
  },

  "RemoteDecisionManager": {
    "server_url": "https://server_address:port",
    "machine_identifier": "identifier"
  },

  "LocalDecisionManager": {
    "rule_database_path": "/etc/sinter/rules.json"
  }
}
The decision manager plugin is selected with the decision_manager value. The local plugin enables the LocalDecisionManager section, which points Sinter at the local rule database at the given path. To use a Santa-compatible sync-server instead, select the sync-server plugin; this enables the RemoteDecisionManager section, where the server URL and the machine identifier are set.
There are two logger plugins currently implemented:
  1. filesystem: messages are written to the file named by FilesystemLogger.log_file_path
  2. unifiedlogging: messages are emitted through Apple's Unified Logging (os_log) with com.trailofbits.sinter as the subsystem, so they can be followed with log stream --predicate 'subsystem == "com.trailofbits.sinter"'

Allowed application directories
Sinter can be configured to log, and optionally deny, applications that were not started from an allowed directory.
  • allow_misplaced_applications: if set to true, misplaced applications only generate a warning in the log. If set to false, any execution that does not start from an allowed path is denied.
  • allowed_application_directories: if non-empty, this list is used to decide whether an application is placed in the wrong directory. If it is empty, the placement check is not performed.
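The placement check as a worked example. This is added code, not Sinter's own implementation: it reproduces the documented behaviour of allow_misplaced_applications and allowed_application_directories with its own path matching, which compares whole path components (so "/Applications" is not satisfied by "/ApplicationsEvil/x") and collapses "." and ".." before comparing (so "/usr/bin/../../tmp/x" is not treated as living under /usr/bin). The directory list is the one from the sample config above; the configs built in the __main__ block are constructed for the demonstration.

```python
"""Placement check for Sinter's allowed_application_directories setting.

Added example, not Sinter's own code: the path-matching logic below is this
example's, written to satisfy the documented semantics of
allow_misplaced_applications / allowed_application_directories.
"""
import posixpath

# The directory list from the sample /etc/sinter/config.json above.
ALLOWED_APPLICATION_DIRECTORIES = [
    "/bin", "/usr/bin", "/usr/local/bin", "/Applications",
    "/System", "/usr/sbin", "/usr/libexec",
]


def _truthy(value):
    """The sample config spells booleans as the strings "true"/"false"; accept both forms."""
    if isinstance(value, bool):
        return value
    return str(value).strip().lower() == "true"


def is_in_allowed_directory(exe_path, allowed_dirs):
    """True if exe_path is, or lies inside, one of allowed_dirs.

    Lexical normalization only: ".", ".." and duplicate slashes are collapsed,
    but symlinks are not resolved (on a real host run os.path.realpath first).
    """
    if not posixpath.isabs(exe_path):
        return False  # a relative path never qualifies
    norm = posixpath.normpath(exe_path)
    for allowed in allowed_dirs:
        base = posixpath.normpath(allowed)
        # Match whole path components, not a raw string prefix:
        # "/Applications" must not accept "/ApplicationsEvil/x".
        if norm == base or norm.startswith(base.rstrip("/") + "/"):
            return True
    return False


def evaluate_placement(exe_path, config):
    """Apply the placement rule to one exec event.

    Returns ("ALLOW", "") when the check passes or is not configured,
    ("ALLOW", warning) when the binary is misplaced but
    allow_misplaced_applications is true, and ("DENY", reason) when it is
    misplaced and the setting is false. The signature and rule-database
    checks still apply to an ALLOW result; this is only the placement step.
    """
    sinter = config["Sinter"]
    allowed_dirs = sinter.get("allowed_application_directories") or []
    if not allowed_dirs or is_in_allowed_directory(exe_path, allowed_dirs):
        return ("ALLOW", "")
    reason = "misplaced application: %s is outside %s" % (exe_path, ", ".join(allowed_dirs))
    if _truthy(sinter["allow_misplaced_applications"]):
        return ("ALLOW", "WARNING " + reason)
    return ("DENY", reason)


if __name__ == "__main__":
    # Constructed enforcing configuration (allow_misplaced_applications = false).
    enforcing = {"Sinter": {"allow_misplaced_applications": "false",
                            "allowed_application_directories": ALLOWED_APPLICATION_DIRECTORIES}}
    for path in ("/Applications/CMake.app/Contents/MacOS/CMake",
                 "/ApplicationsEvil/CMake",
                 "/usr/bin/../../tmp/dropper"):
        print(path, "->", evaluate_placement(path, enforcing))
```

The component-wise comparison is the point: a plain startswith("/Applications") check would pass any directory whose name merely begins with that string, and an unnormalized check would pass traversal paths that resolve elsewhere.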

Enabling UI notifications
  1. Install the notification server (the PKG installer does this automatically): sudo /Applications/Sinter.app/Contents/MacOS/Sinter --install-notification-server
  2. Start the notification server: /Applications/Sinter.app/Contents/MacOS/Sinter --start-notification-server

Configuring Sinter in MONITOR mode
Sinter has no explicit modes; everything is rule-based. Monitoring behaviour (log every execution, deny nothing) is obtained by setting the following options to true:
  • allow_unsigned_programs: allow applications that are not signed
  • allow_invalid_programs: allow applications that fail the signature check
  • allow_unknown_programs: automatically allow applications that are not covered by the active rule database
  • allow_expired_auth_requests: the EndpointSecurity API requires Sinter to answer each authorization request within an unspecified deadline (typically less than a minute). Large applications such as Xcode take a considerable amount of time to verify. By default, executions whose verification misses the deadline are denied, and the user is expected to try again once the application has been verified. Setting this option to true changes that behaviour so that such requests are always allowed. Note that in an enforcing deployment this lets a binary run before its verification has completed, so leave it at the default there.

Rule format
Rule databases are written in JSON format. Here's an example database that allows the CMake application bundle from cmake.org:
{
  "rules": [
    {
      "rule_type": "BINARY",
      "policy": "ALLOWLIST",
      "sha256": "BDD0AF132D89EA4810566B3E1E0D1E48BAC6CF18D0C787054BB62A4938683039",
      "custom_msg": "CMake"
    }
  ]
}
Sinter currently supports only BINARY rules, with either an ALLOWLIST or a DENYLIST policy. The sha256 value is the binary's code directory hash (CD hash), not a hash of the file's bytes. It can be read from the CDHash= line that codesign prints (for example: codesign -dvvv /Applications/CMake.app, which writes its report to stderr). Note that although the command-line tools can produce the full 32-byte SHA-256 CD hash, the kernel and the EndpointSecurity API expose only its first 20 bytes, so a rule is effectively matched on that 20-byte prefix.
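A worked example of producing, validating and matching such a rule. This is added code, not Sinter's own: the codesign transcript is a constructed sample in the layout codesign -dvvv writes to stderr (the CandidateCDHashFull line is assumed to be present, as recent codesign versions print it; older ones only print the 20-byte CDHash= line, which the parser also accepts), the digest is the CMake one from the rule above, and the rule precedence in decide() (a DENYLIST hit wins over an ALLOWLIST hit, an unmatched binary falls back to allow_unknown_programs) is this example's own reading of the settings, not documented Sinter behaviour.

```python
"""Build, validate and match Sinter BINARY rules keyed by code directory hash.

Added example, not Sinter's own code. SAMPLE_CODESIGN_OUTPUT is a constructed
codesign -dvvv transcript; the precedence in decide() is this example's own.
"""
import json
import re

# es_process_t.cdhash is CS_CDHASH_LEN = 20 bytes: only the first 20 bytes of
# the SHA-256 code directory hash are visible to the authorizing client.
ES_CDHASH_LEN = 20

# Constructed sample of `codesign -dvvv /Applications/CMake.app 2>&1`.
SAMPLE_CODESIGN_OUTPUT = """\
Executable=/Applications/CMake.app/Contents/MacOS/CMake
Identifier=org.cmake.cmake
Format=app bundle with Mach-O thin (x86_64)
CodeDirectory v=20500 size=1234 flags=0x10000(runtime) hashes=30+5 location=embedded
Hash type=sha256 size=32
CandidateCDHash sha256=bdd0af132d89ea4810566b3e1e0d1e48bac6cf18
CandidateCDHashFull sha256=bdd0af132d89ea4810566b3e1e0d1e48bac6cf18d0c787054bb62a4938683039
Hash choices=sha256
CDHash=bdd0af132d89ea4810566b3e1e0d1e48bac6cf18
Authority=Developer ID Application: Example Corp (ABCDE12345)
"""


def cdhash_from_codesign(output):
    """Extract the SHA-256 CD hash (upper-case hex) from codesign -dvvv output.

    Prefers the full 32-byte CandidateCDHashFull line; falls back to the
    truncated 20-byte CDHash= line, which is still sufficient because the
    kernel only ever compares those 20 bytes.
    """
    full = re.search(r"^CandidateCDHashFull sha256=([0-9a-f]{64})$", output, re.M | re.I)
    if full:
        return full.group(1).upper()
    short = re.search(r"^CDHash=([0-9a-f]{40})$", output, re.M | re.I)
    if short:
        return short.group(1).upper()
    raise ValueError("no SHA-256 CD hash in codesign output (unsigned binary?)")


def make_rule(cdhash_hex, policy="ALLOWLIST", custom_msg=""):
    """Return one BINARY rule dict in the rule-database format shown above."""
    if policy not in ("ALLOWLIST", "DENYLIST"):
        raise ValueError("policy must be ALLOWLIST or DENYLIST")
    return {"rule_type": "BINARY", "policy": policy,
            "sha256": cdhash_hex.upper(), "custom_msg": custom_msg}


def validate_rules(db):
    """Return a list of problems found in a rule database dict (empty == valid)."""
    problems = []
    rules = db.get("rules")
    if not isinstance(rules, list):
        return ['top-level "rules" must be a list']
    for i, rule in enumerate(rules):
        if rule.get("rule_type") != "BINARY":
            problems.append("rule %d: only BINARY rules are supported" % i)
        if rule.get("policy") not in ("ALLOWLIST", "DENYLIST"):
            problems.append("rule %d: policy must be ALLOWLIST or DENYLIST" % i)
        # 64 hex chars = full digest, 40 = the 20-byte truncated form; anything else is a typo.
        if not re.fullmatch(r"[0-9A-Fa-f]{40}|[0-9A-Fa-f]{64}", str(rule.get("sha256", ""))):
            problems.append("rule %d: sha256 must be 40 or 64 hex characters" % i)
    return problems


def cdhash_matches(es_cdhash, rule_sha256):
    """Compare the 20 bytes EndpointSecurity delivers against a rule's hash prefix."""
    if len(es_cdhash) != ES_CDHASH_LEN:
        raise ValueError("expected a %d-byte cdhash" % ES_CDHASH_LEN)
    return bytes.fromhex(rule_sha256)[:ES_CDHASH_LEN] == es_cdhash


def decide(es_cdhash, db, allow_unknown_programs):
    """Authorize one exec event (example precedence, not documented Sinter behaviour):
    any DENYLIST hit -> DENY, else an ALLOWLIST hit -> ALLOW, else allow_unknown_programs."""
    hits = [r for r in db["rules"] if cdhash_matches(es_cdhash, r["sha256"])]
    if any(r["policy"] == "DENYLIST" for r in hits):
        return "DENY"
    if hits:
        return "ALLOW"
    return "ALLOW" if allow_unknown_programs else "DENY"


if __name__ == "__main__":
    db = {"rules": [make_rule(cdhash_from_codesign(SAMPLE_CODESIGN_OUTPUT), custom_msg="CMake")]}
    assert validate_rules(db) == []
    print(json.dumps(db, indent=2))  # content to write to /etc/sinter/rules.json
    print(decide(bytes.fromhex("bdd0af132d89ea4810566b3e1e0d1e48bac6cf18"), db, False))
```

Because the comparison is on the 20-byte prefix, a rule whose sha256 is only the 40-character CDHash= value is as effective as one carrying the full digest, and the validator accepts both forms.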

Building from Source
Building Sinter requires certain code-signing certificates and entitlements that Apple must grant your organization. However, Sinter can still be built from source and run locally on a test system with SIP disabled. For instructions, see the Sinter wiki.




via KitPloit
