20 years ago, I decided to put up a “Web Log” - or “blog” for short :) I didn’t know what would become of it, but I’m happy that I started. In the years since, this site has seen a ton of change:
- Hosted on a FreeBSD server under my desk, blogging via Perl and Bash scripts
- Once I started working on Encarta (which used an XML-based pipeline), ported to XML and XSL stylesheets, with a build system to generate HTML
- Once C# and .
I am extremely excited to announce that the 4th edition of the PowerShell Cookbook is now available from Amazon and other major retailers! The 1st edition of the PowerShell Cookbook came out in 2007 - nearly 14 years ago! It had the single goal of making you immediately effective with PowerShell. While the Cookbook of course dives deep into all of PowerShell’s most important cmdlets and language features, it teaches them in the context of accomplishing real-world tasks.
It’s alive! The 3rd edition of the PowerShell Pocket Reference is now available from Amazon and other major retailers. The Pocket Reference series, excerpted from the reference sections of the PowerShell Cookbook, puts concise summaries of all of the information you need about PowerShell on a day-to-day basis right at your fingertips. Want to refresh your memory about how to write a zero-width negative lookbehind assertion in a PowerShell regular expression?
A class of security research out there that is a never-ending source of entertainment is “novel” communication methods. This shows up in many ways in the security industry, including:
- “Novel” C2 communication channels (DropBox, Telegram, DNS, Instagram comments, …)
- “Novel” air gap jumping techniques (HDD lights, high-frequency audio, …)
- “Novel” sideband communication techniques (Steganography, communication via processor cache latency)
Ultimately, computers are amazing at encoding data and communicating in various ways, and humans are amazing at inventing various ways.
When optimizing website performance, the performance tools that Google has built are magical. One place I started when working on my site’s revamp was Google’s PageSpeed Insights. After running an analysis on my home page, I saw this warning: Almost a second of my site’s page load time was caused by loading non-critical CSS. You can use the “Coverage” tool in Chrome’s dev tools to dig into this deeper: As you can see, “all.
When hosting a static website or blog, you ultimately have to tackle the question: “What about the comments?” Statique provides a simple, self-hosted option.
When working with raw binary data (especially in security forensics), it is common to need to write parsers for this binary data. For example, extracting file contents out of the NTFS data structures on disk. For many common data structures, there are already binary parsers written for them that you can leverage, but you’ll still sometimes need to write your own. BinShred is a PowerShell module that lets you do this.
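To show the kind of work a hand-written binary parser has to do (fixed-size header, little-endian integers, a directory of entries, and bounds checks on every offset the data claims), here is an added example in plain PowerShell. It is not BinShred and not code from the original post; the "TOC1" file format it parses is invented for the demonstration, and the sample blob is constructed inline.

```powershell
# Added example: a hand-written parser for a small, invented binary format.
# Layout (all multi-byte integers little-endian):
#   header : magic[4] = "TOC1" | version:uint16 | entryCount:uint16
#   entry  : name[8] (ASCII, NUL padded) | offset:uint32 | length:uint32
# Note: [BitConverter] reads in host byte order; check [BitConverter]::IsLittleEndian
# on exotic hosts before trusting the integer fields.
function ConvertFrom-TocBinary {
    param([Parameter(Mandatory)] [byte[]] $Bytes)

    if ($Bytes.Length -lt 8) { throw "Input too short for header ($($Bytes.Length) bytes)" }
    $magic = [System.Text.Encoding]::ASCII.GetString($Bytes, 0, 4)
    if ($magic -ne 'TOC1') { throw "Bad magic: '$magic'" }
    $version = [BitConverter]::ToUInt16($Bytes, 4)
    $count   = [BitConverter]::ToUInt16($Bytes, 6)

    # Never trust the count in the header: verify the directory actually fits.
    $entrySize = 16
    $needed    = 8 + $count * $entrySize
    if ($Bytes.Length -lt $needed) {
        throw "Header claims $count entries ($needed bytes) but only $($Bytes.Length) bytes present"
    }

    $entries = for ($i = 0; $i -lt $count; $i++) {
        $base   = 8 + $i * $entrySize
        $name   = [System.Text.Encoding]::ASCII.GetString($Bytes, $base, 8).TrimEnd([char]0)
        $offset = [BitConverter]::ToUInt32($Bytes, $base + 8)
        $length = [BitConverter]::ToUInt32($Bytes, $base + 12)
        # Each entry points into the blob; reject anything that runs past the end.
        if (($offset + $length) -gt $Bytes.Length) {
            throw "Entry '$name' points outside the data (offset $offset, length $length)"
        }
        [pscustomobject]@{
            Name    = $name
            Offset  = $offset
            Length  = $length
            Content = [System.Text.Encoding]::ASCII.GetString($Bytes, $offset, $length)
        }
    }

    [pscustomobject]@{ Magic = $magic; Version = $version; Entries = @($entries) }
}

# Constructed sample blob: a two-entry directory followed by the payloads it references.
$payloadA = [System.Text.Encoding]::ASCII.GetBytes('hello')
$payloadB = [System.Text.Encoding]::ASCII.GetBytes('world!!')
$dirEnd   = 8 + 2 * 16
$blob = [System.Collections.Generic.List[byte]]::new()
$blob.AddRange([System.Text.Encoding]::ASCII.GetBytes('TOC1'))
$blob.AddRange([BitConverter]::GetBytes([uint16]1))   # version
$blob.AddRange([BitConverter]::GetBytes([uint16]2))   # entry count
$directory = @(
    @{ N = 'a.txt'; O = $dirEnd;                    L = $payloadA.Length }
    @{ N = 'b.txt'; O = $dirEnd + $payloadA.Length; L = $payloadB.Length }
)
foreach ($e in $directory) {
    $blob.AddRange([System.Text.Encoding]::ASCII.GetBytes($e.N.PadRight(8, [char]0)))
    $blob.AddRange([BitConverter]::GetBytes([uint32]$e.O))
    $blob.AddRange([BitConverter]::GetBytes([uint32]$e.L))
}
$blob.AddRange($payloadA)
$blob.AddRange($payloadB)

# Well-formed input: lists both entries with their extracted contents.
ConvertFrom-TocBinary -Bytes $blob.ToArray() | Select-Object -ExpandProperty Entries

# Truncated input (the kind of thing a damaged disk image hands you): rejected
# by the bounds check instead of reading garbage or throwing an index error.
try { ConvertFrom-TocBinary -Bytes $blob.ToArray()[0..20] } catch { "Rejected truncated input: $_" }
```

The bounds checks are the part worth copying: in forensic work the input is frequently damaged or adversarial, and a parser that believes the header's counts and offsets will either crash or, worse, quietly return wrong data.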
There are many times in security investigations where we want to quickly filter out “Known Good” and only focus on what remains. Bloom Filters are an excellent way to accomplish this.
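As an added example (not code from the original post), the following is a minimal Bloom filter in plain PowerShell, sized from the standard false-positive formula and then used to drop "known good" items from a list of observations. The known-good items and observations are constructed placeholder strings standing in for vetted file hashes; the class and function names are my own.

```powershell
# Added example: a Bloom filter for "known good" filtering in PowerShell.
# A Bloom filter never reports a known-good item as unknown (no false negatives),
# but may occasionally report an unknown item as known-good (a false positive).
class BloomFilter {
    [System.Collections.BitArray] $Bits
    [int] $HashCount
    [int] $Size

    BloomFilter([int] $size, [int] $hashCount) {
        $this.Size      = $size
        $this.HashCount = $hashCount
        $this.Bits      = [System.Collections.BitArray]::new($size)
    }

    # Derive k bit positions from one SHA-256 digest using double hashing:
    # index_i = (h1 + i * h2) mod m, with h1/h2 taken from the digest.
    hidden [int[]] GetIndexes([string] $item) {
        $digest = [System.Security.Cryptography.SHA256]::Create().ComputeHash(
            [System.Text.Encoding]::UTF8.GetBytes($item))
        [uint64] $h1 = [BitConverter]::ToUInt32($digest, 0)
        [uint64] $h2 = [BitConverter]::ToUInt32($digest, 4)
        $indexes = [int[]]::new($this.HashCount)
        for ($i = 0; $i -lt $this.HashCount; $i++) {
            $indexes[$i] = [int](($h1 + ([uint64]$i * $h2)) % [uint64]$this.Size)
        }
        return $indexes
    }

    [void] Add([string] $item) {
        foreach ($idx in $this.GetIndexes($item)) { $this.Bits.Set($idx, $true) }
    }

    # $false means "definitely not in the set"; $true means "probably in the set".
    [bool] MightContain([string] $item) {
        foreach ($idx in $this.GetIndexes($item)) {
            if (-not $this.Bits.Get($idx)) { return $false }
        }
        return $true
    }
}

# Size the filter from the expected item count and the tolerated false-positive rate:
#   m = -n * ln(p) / (ln 2)^2 bits,   k = (m / n) * ln 2 hash functions
function New-BloomFilter {
    param([int] $ExpectedItems, [double] $FalsePositiveRate = 0.01)
    $m = [int][Math]::Ceiling(-$ExpectedItems * [Math]::Log($FalsePositiveRate) / [Math]::Pow([Math]::Log(2), 2))
    $k = [int][Math]::Max(1, [Math]::Round(($m / $ExpectedItems) * [Math]::Log(2)))
    [BloomFilter]::new($m, $k)
}

# Constructed stand-ins for a list of vetted file hashes.
$knownGood = 1..1000 | ForEach-Object { "knowngood-file-$_" }
$filter = New-BloomFilter -ExpectedItems $knownGood.Count -FalsePositiveRate 0.01
$knownGood | ForEach-Object { $filter.Add($_) }

# Constructed observations from an investigation; keep only what is definitely not known good.
$observed = @('knowngood-file-7', 'knowngood-file-412', 'suspicious-dropper-1', 'unknown-tool-2')
$observed | Where-Object { -not $filter.MightContain($_) }
```

The trade-off to keep in mind when triaging: every item the filter passes through is genuinely not on the known-good list, but roughly one in a hundred unknown items (at the 1% setting) will be silently dropped as if it were known good. Lower the rate, at the cost of more bits, when missing an artifact is more expensive than reviewing an extra one.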
If you’re running into the following error trying to get a device to sync with Intune: The sync could not be initiated (0x80190190) You probably have checked the Windows Event Log and also seen this error: MDM Session: OMA-DM message failed to be sent. Result: (Bad request (400).). I recently ran into this situation, and the cause was that I had opted into the Windows 10 default of signing in with a Microsoft Account.
It’s March 4, 2020. A pandemic grips the world, so you’re working from home. Can you last the month?