Search Results

XOR is Not as Fancy as Malware Authors Think

Monday, April 9th, 2018

FireEye recently posted some research about an attack leveraging the NetSupport Remote Access tool. The first stage of this attack uses a lot of obfuscation tricks to try to make reverse engineering more difficult. David Ledbetter and I were chatting about some of the lengths the malware authors went through to obfuscate the content. One […]

Part-of-Speech Tagging with PowerShell

Wednesday, December 20th, 2017

When analyzing text, a common goal is to identify the parts of speech within that text – what parts are nouns? Adjectives? Verbs in their gerund form? To accomplish this goal, the area of natural language processing in Computer Science has developed systems for Part of Speech tagging, or “POS Tagging”. The acronym preceded the […]

Automatic Word Clustering: K-Means Clustering for Words

Monday, November 20th, 2017

K-Means clustering is a popular technique to find clusters of data based only on the data itself. This is most commonly applied to data that you can somehow describe as a series of numbers. When you can describe the data points as a series of numbers, K-Means clustering (Lloyd’s Algorithm) takes the following steps: Randomly […]

Easily Search for Vanity Ham Call Signs

Friday, November 3rd, 2017

When you first get your ham radio license, the FCC gives you a random call sign based on your location and roughly your date of application. The resulting call sign is usually pretty impersonal, but the FCC lets you apply for a “vanity” call sign for free. While the rules for these vanity call signs […]

Searching for Content in Base-64 Strings

Thursday, September 21st, 2017

You might have run into situations in the past where you’re looking for some specific text or binary sequence, but that content is encoded with Base-64. Base-64 is an incredibly common encoding format in malware, and all kinds of binary obfuscation tools alike. The basic idea behind Base-64 is that it takes arbitrary binary data […]

Adding a Let’s Encrypt Certificate to an Azure-Hosted Website

Tuesday, March 21st, 2017

If you host your website in Azure, you might be interested in adding SSL support via Let’s Encrypt. Azure doesn’t offer any functionality to automate this or make it easy, but thankfully there are plenty of useful tools in the PowerShell community to make this easy.

ACMESharp – A PowerShell module to interact with Let’s […]

Why is SeDebugPrivilege enabled in PowerShell?

Monday, March 20th, 2017

We sometimes get the question: Why is the SeDebugPrivilege enabled by default in PowerShell? This is enabled by .NET when PowerShell uses the System.Diagnostics.Process class in .NET, which it does for many reasons. One example is the Get-Process cmdlet. Another example is the method it invokes to get the current process PID for the $pid […]

Detecting and Preventing PowerShell Downgrade Attacks

Friday, March 17th, 2017

With the advent of PowerShell v5’s awesome new security features, old versions of PowerShell have all of a sudden become much more attractive for attackers and Red Teams.

PowerShell Downgrade Attacks

There are two ways to do this:

Command Line Version Parameter

The simplest technique is: “PowerShell -Version 2 -Command <…>” (or of course any […]

Differences between Visual Studio 2003, 2005, 2008, 2010, 2012, 2013, and 2015

Monday, February 27th, 2017

If you’re interested in knowing when specific Visual Studio compiler options have been introduced, here you go.

2003 to 2005

Option        Purpose
------        -------
/analyze      Enable code analysis.
/bigobj       Increases the number of addressable sections in an .obj file.
/doc          Process documentation comments to an XML file.
/errorReport  Allows you to provide internal compiler error (ICE) […]

TimeJournal: Time Profiling for Humans

Friday, February 10th, 2017

Time Journal helps you analyze where you spend your time by infrequently asking the simple question: “What are you doing?”

[Download here:]

How it Works

Time Journal follows the same principles as a traditional software sampling profiler, but instead samples humans. By randomly recording your current task, Time Journal lets you analyze […]