It’s alive! Now in its 3rd edition, the PowerShell Pocket Reference is now available from Amazon and other major retailers. The Pocket Reference series, excerpted from the references of the PowerShell Cookbook, puts concise summaries of all of the information you need about PowerShell on a day-to-day basis right at your fingertips. Want to refresh your memory about how to write a zero-width negative lookbehind assertion in a PowerShell regular expression?
A class of security research out there that is a never-ending source of entertainment is “novel” communication methods. This shows up in many ways in the security industry, including: “Novel” C2 communication channels (DropBox, Telegram, DNS, Instagram comments, …) “Novel” air gap jumping techniques (HDD lights, high-frequency audio, …) “Novel” sideband communication techniques (Steganography, communication via processor cache latency) Ultimately, computers are amazing at encoding data and communicating in various ways, and humans are amazing at inventing various ways.
When optimizing website performance, the performance tools that Google has built are magical. One place I started when working on my site’s revamp was Google’s PageSpeed Insights. After running an analysis on my home page, I saw this warning: Almost a second of my site’s page load time was caused by loading non-critical CSS. You can use the “Coverage” tool in Chrome’s dev tools to dig into this deeper: As you can see, “all.
When hosting a static website or blog, you ultimately have to tackle the question: “What about the comments?". Statique provides a simple, self-hosted option.
When working with raw binary data (especially in security forensics), it is common to need to write parsers for this binary data. For example, extracting file contents out of the NTFS data structures on disk. For many common data structures, there are already binary parsers written for them that you can leverage, but you’ll still sometimes need to write your own. BinShred is a PowerShell module that lets you do this.
There are many times in security investigations where we want to quickly filter out “Known Good” and only focus on what remains. Bloom Filters are an excellent way to accomplish this.
If you’re running into the following error trying to get a device to sync with Intune: The sync could not be initiated (0x80190190) You probably have checked the Windows Event Log and also seen this error: MDM Session: OMA-DM message failed to be sent. Result: (Bad request (400).). I recently ran into this situation, and the cause was that I had opted into the Windows 10 default of signing in with a Microsoft Account.
It’s March 4, 2020. A pandemic grips the world, so you’re working from home. Can you last the month?
The mind is an incredibly complex organ. While all of us attempt to be mostly logical and rational in our day-to-day thought processes and decision making, we are hampered by an enormous number of cognitive biases. Cognitive biases are specific natural tendencies of human thought that often result in irrational decision making, and there are hundreds of them. Everybody has them them and is impacted by them – it is only through awareness that you can take steps to counteract them.
Summary When email users of several email services send mail using mechanisms other than that service’s web interface (i.e.: their phone or laptop’s email program), services commonly include the user’s IP address in message headers. This information disclosure lets recipients of these messages perform some privacy-invasive actions, such as: Approximate geographical location of the sender Correlation of separate email addresses, but sent by the the same sender Broadband and / or cellphone provider Users looking to send email in a manner that keeps this information private from message recipients should use either the web interface or an alternative mail provider.