The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests


Archive for the ‘Security’ Category

Link archive: Windows PSBits/PasswordStealing/NPPSpy at master · gtworek/PSBits

Posted by jpluimers on 2024/12/12

Simple (but fully working) code for NPLogonNotify(). The function obtains logon data, including cleartext password.

[Wayback/Archive] PSBits/PasswordStealing/NPPSpy at master · gtworek/PSBits has been used in the wild since about 2022 (the code is from 2020).

The code is a ~100 line C file resulting in a DLL exporting the NPGetCaps() and NPLogonNotify() functions.

Background/related:


Posted in .NET, Blue team, C, CommandLine, Development, Power User, PowerShell, Red team, Scripting, Security, Software Development, Windows Development

Save the Environment (Variable)

Posted by jpluimers on 2024/12/05

For my link archive, as this environment-variable trick for overriding DLL loading is not limited to executables shipping with Windows but also applies to other products (likely: virus scanners that run privileged); another alternative is running a local process serving the WebDAV protocol.


Posted in Development, Power User, Security, Software Development, Windows, Windows 10, Windows 11, Windows Development

Hijack Libs

Posted by jpluimers on 2024/12/04

Interesting for both red teams and blue teams: [Wayback/Archive] Hijack Libs

This project provides a curated list of DLL Hijacking candidates. A mapping between DLLs and vulnerable executables is kept and can be searched via this website. Additionally, further metadata such as resources provide more context.


Posted in Blue team, Development, Power User, Red team, Security, Software Development, Windows Development

Useful physical keys

Posted by jpluimers on 2024/12/02

[Wayback/Archive] GUDuhFcXwAA3cqf.jpg (1200×900)


Posted in Power User, Security

crt.sh allows you to search for the history of TLS certificates for domains (example: *.wiert.me)

Posted by jpluimers on 2024/11/19

A while ago, I bumped into [Wayback/Archive] crt.sh | Certificate Search, which allows searching for (the history of) TLS certificates.

One example of what it returns is [Wayback/Archive] crt.sh | wiert.me (for my blog domain and subdomains).

The basic mechanism of crt.sh is to query various Certificate Transparency logs and Certificate Revocation Lists, terms I vaguely knew but never fully realised the vast usefulness of (including questions like [Wayback/Archive] How does crt.sh becomes aware of certificates that are in no CT logs?).

The cool thing is that most (all?) of it is open source in the various repositories at [Wayback/Archive] Github: crt.sh.

There is also an advanced search page [Wayback/Archive] crt.sh | Certificate Search (a=1) with many more options (including linting) that I really want to try later, plus a bunch of background links (including the support forum at), of which some *.crt.sh hosts returned an HTTP 502 while I was writing this blog post. I will try later to see if they have started working again:


Posted in Communications Development, Development, Encryption, HTTPS/TLS security, Internet protocol suite, Power User, Security, TCP, TLS

Is it possible to deter AI scraping by providing overly large robots.txt?

Posted by jpluimers on 2024/11/18

An idea: [Wayback/Archive] Jeroen Wiert Pluimers: “@ruurd @mcc … Maybe place useful content below 500 KiB and serve a file at least 1 GiB size?…” – Mastodon

@ruurd @mcc probably not, although Google Search limits them to 500 KiB.

developers.google.com/search/d

“Google currently enforces a robots.txt file size limit of 500 kibibytes (KiB). Content which is after the maximum file size is ignored. You can reduce the size of the robots.txt file by consolidating rules that would result in an oversized robots.txt file. For example, place excluded material in a separate directory.”

Maybe place useful content below 500 KiB and serve a file at least 1 GiB size?

It was in response to these earlier toots (with quotes of some very interesting links on when cookies are (dis)allowed – TL;DR: it depends on local regulations):


Posted in Antivirus, GDPR/DS-GVO/AVG, Power User, Privacy, Security

How to Weaponize the Yubikey – Black Hills Information Security

Posted by jpluimers on 2024/11/12

I totally missed this back in 2019 when having the first belly surgery (that would eventually lead up to discovering I already had rectal cancer at that time): [Wayback/Archive] How to Weaponize the Yubikey – Black Hills Information Security.

Luckily I got a reminder: [Wayback/Archive] jilles.com on Twitter: “/me the asshole that spoils the magic trick …” after [Wayback/Archive] yan on Twitter: “who’s excited for defcon next week”


Posted in 2FA/MFA, Authentication, Development, Hardware, Hardware Interfacing, Power User, Security, Software Development, U2F FIDO Security Keys, USB

On my list of things to try: Cisco Duo MFA

Posted by jpluimers on 2024/10/29

At the time of writing [Wayback/Archive] Two-Factor Authentication & Data Protection | Duo Security is supposed to be free for up to 10 users.

That seems to be an excellent opportunity to re-learn MFA things, as it has been a while since I last did big work in that area.

Duo was one of the very many Cisco acquisitions and I wonder how it fits into the Cisco landscape.

Documentation bits to start at:


Posted in 2FA/MFA, Authentication, Development, Mobile Development, Power User, Security, Software Development, Web Development

Need to check out the Windows AutoLogonSID registry value and other autologon security features in Windows

Posted by jpluimers on 2024/10/16

On my list of things to look at via [Wayback/Archive] “AutoLogonSID” – Google Search:


Posted in Conference Topics, Conferences, Development, Event, Power User, Security, Software Development, Windows, Windows 10, Windows 11, Windows 7, Windows 8, Windows 8.1, Windows Development

The state of malware today: From Highly Obfuscated Batch File to XWorm and Redline – SANS Internet Storm Center

Posted by jpluimers on 2024/10/10

A very interesting read that keeps me wondering how batch files like these are generated (making them by hand feels very surreal): [Wayback/Archive] From Highly Obfuscated Batch File to XWorm and Redline – SANS Internet Storm Center

VirusTotal entry: [Wayback/Archive] VirusTotal – File – 453c017e02e6ce747d605081ad78bf210b3d0004a056d1f65dd1f21c9bf13a9a

The day after the article was written, only Kaspersky and ZoneAlarm detected it; in the past ZoneAlarm used the Kaspersky engine, but that stopped a while ago: [Wayback/Archive] ZoneAlarm Free Antivirus Review | PCMag.

The malware uses at least these technologies:


Posted in Antivirus, Batch-Files, Development, Power User, PowerShell, Python, Scripting, Security, Software Development, Windows Development