WebSockets from Scratch

Tuesday, August 13th, 2019

Background: In the web application world – especially single-page applications – smooth and fluid interaction is key. For many years, these applications have been doing a pretty good job of getting this fluid interaction through AJAX techniques and browser support for XMLHttpRequest. One issue, however, is that XMLHttpRequest requires that all of your communication go […]

Efficiently Generating Python Hash Collisions

Tuesday, July 23rd, 2019

In 2003, Crosby and Wallach wrote an excellent paper demonstrating a new form of Denial of Service vulnerability against applications by abusing algorithmic complexity in the data structures that they depend on. For example, some data structures operate quite efficiently when given everyday input, but the performance degrades precipitously in certain edge cases. If an […]

Extracting Forensic Script Content from PowerShell Process Dumps

Thursday, January 17th, 2019

After posting Extracting Activity History from PowerShell Process Dumps, I got an interesting follow-up question: “Is it possible to extract the content of scripts (from disk) that were executed, even if those files were not captured?” The answer is “Yes”, but it’s also complicated. And to make it even more complicated, we’re going to […]

Extracting Activity History from PowerShell Process Dumps

Friday, January 4th, 2019

Imagine that you’re investigating the compromise of a system. The system doesn’t have PowerShell Logging enabled, but you did capture a process dump while activity was happening. This memory dump is forensic gold, and the managed code debugging extension for WinDbg (“SOS” – Son of Strike) gives you all the tools you need to mine […]

Producer / Consumer Parallelism in PowerShell

Wednesday, September 5th, 2018

After it’s done indexing your data, Scour is blazingly fast at local content searches – far faster than Select-String, grep, or anything else that rips through files when you search. It accomplishes this through the power of the popular Lucene search engine. Similar to the way that publishers have made searching physical books fast, Lucene […]

Scour: Fast, Personal, Local Content Searches

Tuesday, August 28th, 2018

If you have a large collection of documents (source code or text files), searching them with PowerShell or your favourite code editor can feel like it takes forever. How is it that we can search the entire content of the Internet in milliseconds, but searching your local files can take minutes or hours? It turns […]

XOR is Not as Fancy as Malware Authors Think

Monday, April 9th, 2018

FireEye recently posted some research about an attack leveraging the NetSupport Remote Access tool. The first stage of this attack uses a lot of obfuscation tricks to try to make reverse engineering more difficult. David Ledbetter and I were chatting about some of the lengths the malware authors went through to obfuscate the content. One […]

Part-of-Speech Tagging with PowerShell

Wednesday, December 20th, 2017

When analyzing text, a common goal is to identify the parts of speech within that text – what parts are nouns? Adjectives? Verbs in their gerund form? To accomplish this goal, the area of natural language processing in Computer Science has developed systems for Part of Speech tagging, or “POS Tagging”. The acronym preceded the […]

Automatic Word Clustering: K-Means Clustering for Words

Monday, November 20th, 2017

K-Means clustering is a popular technique to find clusters of data based only on the data itself. This is most commonly applied to data that you can somehow describe as a series of numbers. When you can describe the data points as a series of numbers, K-Means clustering (Lloyd’s Algorithm) takes the following steps: Randomly […]

Easily Search for Vanity Ham Call Signs

Friday, November 3rd, 2017

When you first get your ham radio license, the FCC gives you a random call sign based on your location and roughly your date of application. The resulting call sign is usually pretty impersonal, but the FCC lets you apply for a “vanity” call sign for free. While the rules for these vanity call signs […]