Quick-Lookup-Ptrun - Quick Lookup Plugin For PowerToys Run (Wox)

This plugin for PowerToys Run allows you to quickly search for an IP address, domain name, hash or any other data points in a list of Cyber Security tools. It's perfect for security analysts, penetration testers, or anyone else who needs to quickly lookup information when investigating artifacts or alerts.

Installation

To install the plugin:

• Navigate to your Powertoys Run Plugin folder
  • For machine wide install of PowerToys: C:\Program Files\PowerToys\modules\launcher\Plugins
  • For per user install of PowerToys: C:\Users\<yourusername>\AppData\Local\PowerToys\modules\launcher\Plugins
• Create a new folder called QuickLookup
• Extract the contents of the zip file into the folder you just created
• Restart PowerToys and the plugin should be loaded under the Run tool settings and work when promted with ql

Usage

To use the plugin, simply open PowerToys Run by pressing Alt+Space and type the activation command ql followed by the tool category and the data you want to lookup.

The plugin will open the data searched in a new tab in your default browser for each tool registered with that category.

Default Tools

This plugin currently comes default with the following tools:

• Shodan - IP Lookup
• GreyNoise - IP Lookup
• Spur - IP Lookup
• VirusTotal - IP, Domain & Hash Lookup
• Censys - IP & Domain Lookup
• CriminalIP - IP & Domain Lookup
• Whois - Whois Lookup
• EasyCounter - Whois Lookup
• Whoisology - Whois Lookup

Configuration

NOTE: Prior to version 1.3.0 tools.conf was the default configuration file used.

The plugin will now automatically convert the tools.conf list to tools.json if it does not already exist in JSON form and will then default to using that instead.
The legacy config file will remain however will not be used and will not be included in future builds starting from v1.3.0

By default, the plugin will use the precofigured tools listed above. You can modify these settings by editing the tools.json file in the plugin folder.
The format for the configuration file follows the below standard:

{
    "Name": "VirusTotal",
    "URL": "https://www.virustotal.com/gui/search/{0}",
    "Categories": [ "ip", "domain", "hash"],
    "Enabled": true
}

In the URL, {0} will be replace with the search input. As such, only sites that work based on URL data (GET Requests) are supported for now.
For example, https://www.virustotal.com/gui/search/{0} would become https://www.virustotal.com/gui/search/1.1.1.1

Encryption is on the Rise!

When the Internet Engineering Task Force (IETF) announced the TLS 1.3 standard in RFC 8446 in August 2018, plenty of tools and utilities were already supporting it (even as early as the year prior, some web browsers had implemented it as their default standard, only having to roll it back due to compatibility issues. Needless to say, the rollout was not perfect).

Toward the end of 2018, EMA conducted a survey of customers regarding their TLS 1.3 implementation and migration plans. In the January 2019 report, EMA concluded:

Some participants’ organizations may find they have to go back to the drawing board and come up with a Plan B to enable TLS 1.3 without losing visibility, introducing unacceptable performance bottlenecks and greatly increasing operational overhead. Whether they feel they have no choice but to enable TLS 1.3 because major web server and browser vendors have already pushed ahead with it or because they need to keep pace with the industry as it embraces the new standard is unclear. What is clear is that security practitioners see the new standard as offering greater privacy and end-to-end data security for their organizations, and that the long wait for its advancement is over.

When EMA asked many of the same questions in an updated survey of 204 technology and business leaders toward the end of 2022, they found that nearly all the conclusions in the 2018/2019 report still hold true today. Here are the three biggest takeaways from this most recent survey:

• Remote work, regulatory and vendor controls, and improved data security are drivers. With all the attention paid to data security and privacy standards over the past few years, it is little wonder that improved data security and privacy were primary drivers for implementation – and those goals were generally achieved with TLS 1.3. The push for remote working has also increased TLS 1.3 adoption because security teams are looking for better ways for remote workers (76% using) and third-party vendors (64% using) to access sensitive data.
• Resource and implementation costs are significant. Eighty-seven percent that have implemented TLS 1.3 require some level of infrastructure changes to accommodate the update. As organizations update their network infrastructure and security tools, migration to TLS 1.3 becomes more realistic, but it is a difficult pill to swallow for many organizations to revamp their network topology due to this update. Over time, organizations will adopt TLS 1.3 for no other reason than existing technologies being depreciated – but that continues to be a slow process. There is also a real consideration about the human resources available to implement a project with very little perceived business value (81%), causing workload increases to thinly stretched security staff. Again, this will likely change as the technology changes and improves, but competing business needs will take a higher priority.
• Visibility and monitoring considerations remain the biggest obstacle to adoption. Even with vendor controls and regulatory requirements, many organizations have delayed implementing TLS 1.3 for the significant upheaval that it would cause with their security and monitoring plans within their environment. Even with improved technologies (since the first announcement of TLS 1.3), organizations still cannot overcome these challenges. Organizations are evaluating the risks and compensating controls when it comes to delaying the implementation, and they continue to evaluate stop-gap solutions that are easier and less intrusive to implement than TLS 1.3 while road-mapping their eventual TLS 1.3 migration.

While regulatory frameworks and vendor controls continue to push the adoption of the TLS 1.3 standard, adoption still comes with a significant price tag – one that many organizations are just not yet ready or able to consume. Technology improvements will increase rates of adoption over time, such as Cisco Secure Firewall’s ability to decrypt and inspect encrypted traffic. More recent and unique technologies, like Cisco’s encrypted visibility engine, allow the firewall to recognize attack patterns in encrypted traffic without decryption. This latter functionality preserves performance and privacy of the encrypted flows without sacrificing the visibility and monitoring that 94% of respondents were concerned about.

Readers wishing to read the full EMA report can do so here and readers wishing to learn more about Cisco Secure Firewall’s encyrpted visibility engine can do so here.

We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!

Cisco Secure Social Channels

Instagram
Facebook
Twitter
LinkedIn