Navigation Menu

Skip to content

technion/open_safety

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

17 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Open Safety

An improvement on the "map .js files to notepad" trick

Designed to assist with securing environments by ensuring such blocking events raise significant alarms. For background and more information, see this blog post

Installation

Enterprise

  • Deploy the executable to an appropriate location
  • Replace notepad.exe mappings in Group Policies with the new location

SMB/Home User

Usage

A typical intended deployment involves never manually using this application. The above installation process will configure it to run with suspect files as a parameter. Example:

open_safety.exe example.js

You may wish to query the version:

open_safety.exe --version

Response

This application aims to provide two mechanisms to better handle script execution than the notepad trick. Specifically:

  • It provides the user a suitable message, presenting a much less confusing feedback than open a test file of source code
  • It attempts to alert any monitoring IT teams

Details

When this application is executed it will follow the below process, for the script "example.js":

  • To prevent any misuse, it first ensures the called file has an appropriate file extension
  • It further checks the file does not sit under standard system directories
  • The file is renamed to "DANGEROUS example.js.txt" to neutralise the risk.
  • It creates the file "example.com" in the same directory containing the EICAR test string. This should set off appropriate alarms for Defenders

Development

This application currently uses only one external crate (base64). It's designed as much as possible with guard rails around misuse, and it never actually deletes content. CI has been setup with strict use of clippy and cargo fmt. There's a deliberate goal of becoming "stable" and not requiring ongoing addition of features to assist with this becoming trusted for use. To this end, I'm unlikely to accept PRs with substantive changes. Designed to build with rust stable with no unsafe. The binary in "releases" is built straight from this codebase, includes no telemetry or additional code. Currently only Windows x64 type binaries are pre-built for releases.

TODO

  • Installation Powershell to fetch executable from Github releases
  • Implement CI with Github actions
  • Blog post on why this is useful
  • Obtain a code signing cert

Release guide

cargo build --release
$codeCertificate = Get-ChildItem Cert:\CurrentUser\My
Set-AuthenticodeSignature -FilePath .\target\release\open_safety.exe  -Certificate $codeCertificate -TimeStampServer "http://timestamp.digicert.com"

About

An application to assist with securing script execution

Resources

License

Stars

Watchers

Forks

Packages

No packages published