Archive for the ‘Security’ Category
Need to check out the Windows AutoLogonSID registry value and other autologon security features in Windows
Posted by jpluimers on 2024/10/16
On my list of things to look at via [Wayback/Archive] “AutoLogonSID” – Google Search:
Posted in Conference Topics, Conferences, Development, Event, Power User, Security, Software Development, Windows, Windows 10, Windows 11, Windows 7, Windows 8, Windows 8.1, Windows Development
The state of malware today: From Highly Obfuscated Batch File to XWorm and Redline – SANS Internet Storm Center
Posted by jpluimers on 2024/10/10
A very interesting read, where it keeps me wondering how batch files like these are being generated (making them by hand feels very surreal): [Wayback/Archive] From Highly Obfuscated Batch File to XWorm and Redline – SANS Internet Storm Center
VirusTotal entry: [Wayback/Archive] VirusTotal – File – 453c017e02e6ce747d605081ad78bf210b3d0004a056d1f65dd1f21c9bf13a9a
The day after the article was written, only Kaspersky and ZoneAlarm detected it; in the past ZoneAlarm used the Kaspersky engine, but that stopped a while ago: [Wayback/Archive] ZoneAlarm Free Antivirus Review | PCMag.
The malware uses at least these technologies:
Posted in Antivirus, Batch-Files, Development, Power User, PowerShell, Python, Scripting, Security, Software Development, Windows Development
Windows 10/11: Skip Security Questions When Adding Local User
Posted by jpluimers on 2024/09/30
Based on [Wayback/Archive] Windows 10/11: Skip Security Questions When Adding Local User, [Wayback/Archive] Remove Security Questions when setting up Local Account in Windows and others:
- if during initial Windows 10/11 setup you add a user with a password, then it will ask you for 3 security questions
- if you do not want these 3 security questions:
  - leave the password blank when adding the user
  - after first logon, press Ctrl-Alt-Del and change the password from blank to an actual password
Via [Wayback/Archive] windows 10 skip security questions – Google Search.
–jeroen
Posted in Authentication, Power User, Security, Windows, Windows 10, Windows 11
What’s inside the QR code menu at this cafe? – by peabee
Posted by jpluimers on 2024/09/27
This is why I do not trust ordering via QR-code: you never know how good (or usually bad, often even non-existent) their security is.
[Wayback/Archive] What’s inside the QR code menu at this cafe? – by peabee is a really bad example about Google-backed DotPe: they have zero-auth and by now have rate-limited API access by IP address.
…
I went to a cafe near my home. I sat down and scanned the QR code on the table. It took me to a website displaying the cafe’s menu. It asked me for my name and Whatsapp mobile number. I entered the details and placed the order.
In 5 mins my order arrived at the table. There was no OTP verification, and no one came to confirm the order. Is this what the peak ordering experience looks like?
It was a slow workday, and I thought I might as well open this QR code website on my laptop and have a quick look under the hood. Maybe I should’ve just made my own coffee and stayed home because I didn’t realize I was opening a can of worms.
…
This kind of zero-auth is not infrequent: the Panels API and CDN were wide-open too: [Wayback/Archive] https://storage.googleapis.com/panels-api/data/20240916/media-1a-i-p~s
Posted in Authentication, Development, Infosec (Information Security), LifeHacker, Phishing, Power User, Security, Software Development | Tagged: 1
string – Check if MyString[1] is an alphabetical character? – Stack Overflow (and how Embarcadero broke one of the product version neutral redirects)
Posted by jpluimers on 2024/09/24
Quite a while ago [Wayback/Archive] string – Check if MyString[1] is an alphabetical character? – Stack Overflow asked by [Wayback/Archive] User Jeff was answered by [Wayback/Archive] Andreas Rejbrand:
The simplest approach is

    function GetAlphaSubstr(const Str: string): string;
    const
      ALPHA_CHARS = ['a'..'z', 'A'..'Z'];
    var
      ActualLength: integer;
      i: Integer;
    begin
      SetLength(result, length(Str));
      ActualLength := 0;
      for i := 1 to length(Str) do
        if Str[i] in ALPHA_CHARS then
        begin
          inc(ActualLength);
          result[ActualLength] := Str[i];
        end;
      SetLength(Result, ActualLength);
    end;

but this will only consider English letters as “alphabetical characters”. It will not even consider the extremely important Swedish letters Å, Ä, and Ö as “alphabetical characters”!
Slightly more sophisticated is

    function GetAlphaSubstr2(const Str: string): string;
    var
      ActualLength: integer;
      i: Integer;
    begin
      SetLength(result, length(Str));
      ActualLength := 0;
      for i := 1 to length(Str) do
        if Character.IsLetter(Str[i]) then
        begin
          inc(ActualLength);
          result[ActualLength] := Str[i];
        end;
      SetLength(Result, ActualLength);
    end;

Back in 2011 I added a comment that for more than a decade would redirect to the most current documentation on the IsLetter method:
+1 for using IsLetter which checks the Unicode definition for being a letter or not [Wayback] docwiki.embarcadero.com/VCL/en/Character.TCharacter.IsLetter
Back then, Delphi XE2 was current, so it would redirect
- from [Wayback] http://docwiki.embarcadero.com/VCL/en/Character.TCharacter.IsLetter
- to [Wayback] http://docwiki.embarcadero.com/VCL/XE2/en/Character.TCharacter.IsLetter
- then to [Wayback] http://docwiki.embarcadero.com/VCL/XE2/en/Character.TCharacter.IsLetter
- ending at [Wayback] http://docwiki.embarcadero.com/Libraries/XE2/en/System.Character.TCharacter.IsLetter
After a long outage in 2022 (see The Delphi documentation site docwiki.embarcadero.com has been down/up oscillating for 4 days is now down for almost a day.) only the Alexandria help was restored.
This killed the above redirect.
Luckily [Wayback/Archive] George Birbilis noticed that and commented this:
@JeroenWiertPluimers the correct link now is: docwiki.embarcadero.com/Libraries/Alexandria/en/…
In order to refer to the most recent Delphi version, now you have to use [Wayback] http://docwiki.embarcadero.com/Libraries/en/System.Character.TCharacter.IsLetter.
This redirects:
- via [Wayback] http://docwiki.embarcadero.com/Libraries/Alexandria/en/System.Character.TCharacter.IsLetter
- to [Wayback] https://docwiki.embarcadero.com/Libraries/Alexandria/en/System.Character.TCharacter.IsLetter
The above breaks the help integration from older Delphi products which is bad. It is also bad because it makes it harder to port legacy Delphi code to more modern Delphi versions.
Hopefully the above gives you a bit of insight into how the docwiki help system was designed and what is left of that design.
–jeroen
Posted in Communications Development, Conference Topics, Conferences, Delphi, Development, Encryption, Event, HTML, HTTP, https, HTTPS/TLS security, Internet protocol suite, Power User, Security, Software Development, TCP, TLS, Web Development
Thread by @LetheForgot to @SwiftOnSecurity on Thread Reader App – Windows boot recovery
Posted by jpluimers on 2024/09/23
[Wayback/Archive] Thread by @LetheForgot on Thread Reader App:
What we did was use the advanced restart options to launch the command prompt, skip the bitlocker key ask which then brought us to drive X and ran “bcdedit /set {default} safeboot minimal” which let us boot into safemode and delete the sys file causing the bsod.
Not scalable at all but let us get vital systems running while we try to solve the bootloop en masse
Don’t forget to re-enable normal booting afterwards by doing the same but running “bcdedit /deletevalue {default} safeboot”
Just in case another event like the 2024 Crowdstrike debacle happens.
--jeroen
Posted in Encryption, Power User, Security, Windows
MokupiPogisho👁️ on Twitter: “How to find hidden cameras in AirBnB 👁”
Posted by jpluimers on 2024/09/06
[Wayback/Archive] MokupiPogisho👁️ on Twitter: “How to find hidden cameras in AirBnB 👁 “ quoted a TikTok movie that basically shows both that a lot of devices can contain very tiny cameras and how to find many of them in a reliable way:
[Wayback/Archive] https://video.twimg.com/ext_tw_video/1475152238213484555/pu/vid/320×5…
Posted in Awareness, LifeHacker, Power User, Security
If I ever need to do OAuth: aspnet-contrib/AspNet.Security.OAuth.Providers: OAuth 2.0 social authentication providers for ASP.NET Core
Posted by jpluimers on 2024/08/21
This is cool: [Wayback/Archive] aspnet-contrib/AspNet.Security.OAuth.Providers: OAuth 2.0 social authentication providers for ASP.NET Core.
Based on ideas at [Wayback/Archive] TerribleDev/OwinOAuthProviders: OAuth providers for Owin.
Via [Wayback/Archive] David Fowler 🇧🇧🇺🇸 on Twitter: “Since we’re on the auth topic, there’s a repository maintained by @martin_costello and @kevin_chalet for interacting with pretty much every oauth provider on the planet github.com/aspnet-contrib/AspNet.Security.OAuth.Providers… #dotnet #aspnetcore”.
OAuth 2.0 providers covered at the time of writing are in the [Wayback/Archive] AspNet.Security.OAuth.Providers/README.md: Providers at dev · aspnet-contrib/AspNet.Security.OAuth.Providers.
–jeroen
Posted in .NET, .NET Core, Authentication, C#, Development, OAuth, Power User, Security, Software Development
Jilles preparing for a Red Team training event
Posted by jpluimers on 2024/08/01
Remember to adapt what you pack and tailor it for each red team training event as the blue team should expect the unexpected. Believable pretext is key.
[Wayback/Archive] jilles.com 🔜 MCH2022 🏳️🌈🏳️⚧️ on Twitter: “Need to pack enough breaking and entering stuff to pull a good show during the RedTeam training but not too much to get arrested on my way to work. Then again, I might pull it off when I put YMCA on in a loop, in case I get pulled over. “
[Wayback/Archive] jilles.com 🔜 MCH2022 🏳️🌈🏳️⚧️ on Twitter: “This will do for now ;-)”
Posted in Blue team, Power User, Red team, Security, Uncategorized






