Archive for the ‘PowerShell’ Category
Posted by jpluimers on 2025/03/31
A few years back I had an error happen for a while on one of my Windows machines after a git pull: fatal: detected dubious ownership in repository at 'C:/versioned/repository' followed by a few lines with Windows SIDs (Security Identifiers) that I had to map to actual users.
I thought I had it scheduled, but my notes were in a draft post, so when I bumped into it again when upgrading an old virtual machine with new versions I finished it and scheduled it for now.
The first time I got the error was after git for Windows fixed security vulnerability [Wayback/Archive] CVE-2022-24765 and included the quote from [Wayback/Archive] Uncontrolled search for the Git directory in Git for Windows · Advisory · git-for-windows/git:
Posted by jpluimers on 2025/03/26
Posted by jpluimers on 2025/03/04
In the past, the Google Hangouts desktop app on Windows would integrate with the system “tray” (actually the notification area) and show you missed chats and calls.
The [Wayback/Archive] Google Chat desktop app does not. It shows missed messages only as a number on the taskbar icon. Even worse: when you close the window, the taskbar application icon does not show that number any more.
The odd thing is that the Google Duo desktop app does stay active and shows a notification popup on incoming calls. The Google Chat desktop app does not.
So I wanted to restart the Google Chat desktop app automatically when the window was closed. But there is a catch:
Posted by jpluimers on 2024/12/12
Simple (but fully working) code for NPLogonNotify(). The function obtains logon data, including cleartext password.
[Wayback/Archive] PSBits/PasswordStealing/NPPSpy at master · gtworek/PSBits has been used in the wild since about 2022 (the code is from 2020).
The code is a ~100 line C file resulting in a DLL exporting the NPGetCaps() and NPLogonNotify() functions.
Background/related:
Posted by jpluimers on 2024/10/10
A very interesting read, where it keeps me wondering how batch files like these are being generated (making them by hand feels very surreal): [Wayback/Archive] From Highly Obfuscated Batch File to XWorm and Redline – SANS Internet Storm Center
VirusTotal entry: [Wayback/Archive] VirusTotal – File – 453c017e02e6ce747d605081ad78bf210b3d0004a056d1f65dd1f21c9bf13a9a
The day after the article was written, only Kaspersky and ZoneAlarm detected it; in the past ZoneAlarm used the Kaspersky engine, but that stopped a while ago: [Wayback/Archive] ZoneAlarm Free Antivirus Review | PCMag.
The malware uses at least these technologies:
Posted by jpluimers on 2024/10/09
Note that the below methods likely will cause security warnings if a Windows machine has been properly configured, but in most cases at least one of them works.
- using cURL (Windows 10 and up)
curl --url https://speed.hetzner.de/100MB.bin --output %TEMP%\100MB.bin
- using [Wayback/Archive] certutil | Microsoft Docs (at least Windows 7 and up; needs UAC elevation)
certutil.exe -urlcache -split -f https://speed.hetzner.de/100MB.bin %TEMP%\100MB.bin
- using PowerShell (at least Windows Vista and up)
powershell.exe -Command (New-Object System.Net.WebClient).DownloadFile('https://speed.hetzner.de/100MB.bin','%TEMP%\100MB.bin')
I think it works for all versions of curl, certutil, and PowerShell though I did not have anything older than up-to-date Windows 7 (having PowerShell version 3) and recent to test on.
Posted by jpluimers on 2024/09/19
Reminder to check whether the 2015 issue mentioned in the tweets below has had any progress.
At the time of tweeting, choco has no notion of [Wayback/Archive] status.chocolatey.org, which would be very helpful to point to in case of errors on time-outs on chocolatey server calls, especially if it could interrogate and inform of maintenance windows and outages when things fail on the client side.