The first part of this blog will be the story of how this tool found it’s way into existence, the problems we faced and the thought process followed. The second part will be a more technical deep dive into the tool itself, how to use it, and how it works.
About 1½ half years ago I did an awesome Red Team like project. The project boils down to the following: Continue reading
Taskbaricon mouseover highlight
First things first: Happy new year! I am sure 2016 will be a great year! Next up: DominantColor. It’s a project for calculating the dominant (hue) color in an image.This is something that took some research as I was building JeS Multi-Monitor Suite. The taskbar in Windows 7, 8 and 8.1 implemented a similar feature showing the dominant color as a highlight when you mouseover the taskbar icon. Continue reading
DevOps! A must for modern software development, right?! You would expect most companies are already moving towards this new way of working. Why? Because software development needs to be more agile. Say you have a new customer, he wants a demo of your application but he also wants to see that one new feature. The software release that contains that feature is scheduled to be released in 2 months. Though, that specific feature is already “done and ready”. You ask the developers/administrators if they can put together a demo of that feature.. At that moment the devs and administrators are getting nervous. Everyone checks in their code to one single code branch so how are they going to demo that specific feature? Maybe on a laptop of a dev that still has a stable (*kuch* compiling) revision? This is where we have to change the way we develop software.
During the development of a Windows 10 Universal Windows App today I ran into a weird issue with Entity Framework 7, beta 6. I was using a Sqlite database for local storage within the app and everything seemed to work fine until I hit against a bug in the EF (Entity Framework). Continue reading
Today I publish Yara.NET – A C++/CLI .NET wrapper around the Yara 3.4.0 library. It enables you to use all the Yara functionality that the native C lib exposes in .NET! Yara.NET API was inspired by the Python API and has thus a somewhat similar API. Why is it built in C++/CLI and not C#? Because building a wrapper library in C# around a native library is a pain compared to using C++/CLI. Using C++/CLI you can link directly against the native lib and use all of the existing header files without the need to redefine every function using PInvoke..
Figure 1, .NET Pinvoke memory corruption
Today I ran into some old screenshots of a problem I was having in 2013. Interesting problem! I was trying retrieve a piece of data that was located in another process memory space using the ReadProcessMemory API. I defined the API using PInvoke(Platform Invoke), a technique used to call native functions from .NET. The issue I was having was that only under Windows 8 I was getting a NullReferenceException and initially I had no clue why. Continue reading
I decided to dust off some old projects! I decided to post the source for the multi tab command line utility I wrote some time ago. Note that I don’t intend to support or further develop it. Just want to share 😉
Finally, the last level! Level 5 is a “simple number manager”. It is similar to the note manager as it allows to store up to 10 numbers. That’s… really useful.. 😛
Level 5, simple number manager
Level4, time for some crypto and reverse engineering.. Level 4 is a binary which decrypts encrypted files with a password, and of course an example binary and password are given. Putting some random data in a file and trying to decrypt that results in a message that the file is invalid or corrupt. This suggests that the binary has some kind of checksum algorithm to detect if the file is valid. Let’s take a closer look at the binary.. Continue reading
Level 3, one of my favorites! As with the previous level, we started a binary on the vm with socat. This time we find a random number game.. As usual we start fuzzing..(string format, buffer overflow etc.) but after some time we haven’t found anything. Time to look closer at the binary.. Continue reading