Archive for the ‘Windows Development’ Category
Posted by jpluimers on 2024/12/04
Interesting for both red teams and blue teams: [Wayback/Archive] Hijack Libs
This project provides a curated list of DLL Hijacking candidates. A mapping between DLLs and vulnerable executables is kept and can be searched via this website. Additionally, further metadata such as resources provide more context.
Posted in Blue team, Development, Power User, Red team, Security, Software Development, Windows Development
Posted by jpluimers on 2024/11/19
A while ago, within a week's time, I got reminded of a project I did some 15 years ago involving low-latency audio using the .NET platform on Windows XP Embedded.
For that I used the BASS.NET wrapper classes and P/Invoke methods around the Un4seen BASS Audio Library.
Back in those days there was not much documentation about this, but now there is more.
Some starting points are:
Via:
Related:
--jeroen
Posted in .NET, Audio, Conference Topics, Conferences, Development, Event, LifeHacker, Media, Power User, Software Development, Windows Development
Posted by jpluimers on 2024/11/05

Edge browser Window without address bar of a Microsoft logon page for wesbos@gmail.com not indicating what the logon is for.
[Wayback/Archive] Thread by @wesbos on Thread Reader App
Every single app that uses a popup to sign in needs to stop hiding the address bar.
There is no way to test if it’s a legit website and 1Password doesn’t work
Without this, your logon borders on a dark pattern which can easily be abused by scammers.
Basically there are three things to make very clear for any logon page belonging to an actual executable: what you are actually logging on to, for and with.
Preferably your application also makes very clear that the logon page actually belongs to the application executable (even though users can figure out the application itself through, for instance, the Task Manager or Process Explorer).
For web based logon, this last step is not possible, so for that it is really important to show the URL and the relation of the URL to the application (especially if you use a 3rd party logon like a Microsoft account [formerly Microsoft Passport], a Google Account or a Facebook account, as was popular in the OpenID heyday in the decade surrounding 2010).
Tweet:
Posted in Dark Pattern, Development, Software Development, User Experience (ux), Web Development, Windows Development
Posted by jpluimers on 2024/10/16
Posted in Conference Topics, Conferences, Development, Event, Power User, Security, Software Development, Windows, Windows 10, Windows 11, Windows 7, Windows 8, Windows 8.1, Windows Development
Posted by jpluimers on 2024/10/10
A very interesting read, where it keeps me wondering how batch files like these are being generated (making them by hand feels very surreal): [Wayback/Archive] From Highly Obfuscated Batch File to XWorm and Redline – SANS Internet Storm Center
VirusTotal entry: [Wayback/Archive] VirusTotal – File – 453c017e02e6ce747d605081ad78bf210b3d0004a056d1f65dd1f21c9bf13a9a
The day after the article was written, only Kaspersky and ZoneAlarm detected it; in the past ZoneAlarm used the Kaspersky engine, but that stopped a while ago: [Wayback/Archive] ZoneAlarm Free Antivirus Review | PCMag.
The malware uses at least these technologies:
Posted in Antivirus, Batch-Files, Development, Power User, PowerShell, Python, Scripting, Security, Software Development, Windows Development
Posted by jpluimers on 2024/10/09
Note that the below methods likely will cause security warnings if a Windows machine has been properly configured, but in most cases at least one of them works.
- using cURL (Windows 10 and up)
curl --url https://speed.hetzner.de/100MB.bin --output %TEMP%\100MB.bin
- using [Wayback/Archive] certutil | Microsoft Docs (at least Windows 7 and up; needs UAC elevation)
certutil.exe -urlcache -split -f https://speed.hetzner.de/100MB.bin %TEMP%\100MB.bin
- using PowerShell (at least Windows Vista and up)
powershell.exe -Command (New-Object System.Net.WebClient).DownloadFile('https://speed.hetzner.de/100MB.bin','%TEMP%\100MB.bin')
I think it works for all versions of curl, certutil, and PowerShell though I did not have anything older than up-to-date Windows 7 (having PowerShell version 3) and recent to test on.
Posted in *nix, *nix-tools, .NET, Batch-Files, CommandLine, cURL, Development, Power User, PowerShell, PowerShell, Scripting, Software Development, Windows, Windows 10, Windows 11, Windows 7, Windows 8, Windows 8.1, Windows Development, Windows Vista
Posted by jpluimers on 2024/09/05
Shadow IT has entered the chat
Many companies have hardly any idea how many scripts are being used by their people to get the chores of day to day work done.
Posted in Batch-Files, Development, Power User, PowerShell, Python, Scripting, Software Development, Windows, Windows Development
Posted by jpluimers on 2024/08/21
While researching how to allocate space for empty Windows files, I bumped into this: [Wayback/Archive] windows – What does SetFileValidData doing ? what is the difference with SetEndOfFile? – Stack Overflow.
Interesting but dangerous: SetFileValidData allows setting the end of the “valid” file data to a point into the file without Windows pretending the content was zero-filled.
The big important thing here (a drawback for security, a blessing for adversaries): the file will incorporate data that was on disk before it got incorporated into the file, potentially leaking deleted data.
That’s why SetFileValidData requires at least the SE_MANAGE_VOLUME_NAME privilege.
QA content and salvaged/archived related links:
Posted in Development, Software Development, Windows Development
Posted by jpluimers on 2024/08/11
Interesting take of which I was subconsciously aware for a while as well: [Wayback/Archive] Thom :linux: :kde: :systemd:: “My concerns about the future o…” – Exquisite.social
My concerns [www.osnews.com] about the future of Firefox keep becoming reality [www.osnews.com] and yet nobody who relies on Firefox – Canonical, Fedora, KDE, GNOME, etc. – seem to give a shit.
Y’all realise Mozilla is about to lose 80% of its revenue, right? And y’all do understand what this will mean for Firefox, right? Why aren’t you taking any steps or making any plans to prepare for what this will inevitably mean for the most important and crucial desktop Linux application?
I feel like Kassandra [en.wikipedia.org] over here.
It is not a Desktop Linux problem alone: it is a Firefox problem at heart which will also (and in much larger numbers) affect other platforms as it also means one less browser engine: the Gecko browser engine used by Firefox and other browsers highly depends on Mozilla funding.
Given the long lasting keyboard productivity problems in Firefox on MacOS and Windows (even without any extensions installed), I don’t think that my frequency of Firefox usage will increase beyond occasional use.
A few examples hampering power usage of Firefox:
Posted in Development, Firefox, Power User, Software Development, Web Browsers, Windows Development, xCode/Mac/iPad/iPhone/iOS/cocoa