Installing .Net 3.5.1 on Windows 2008 R2
Attack Surface Analyzer
My team here at the Microsoft Security Engineering Center just released our latest tool for the SDL, Attack Surface Analyzer. Dave has already blogged about the tool: https://blogs.msdn.com/b/sdl/archive/2011/01/17/announcing-attack-surface-analyzer.aspx.
In the next few weeks, the team and I will be blogging a bit more about what the tool does and how its functionality can be extended.
Attack Surface Analyzer x86 and x64 Download Link
Our original download link for the tool only had the x64 MSI. We have since fixed it with a new download link. However, most search engines still have the original link as the top result. If you need the x86 version of the tool, please use this go link: https://go.microsoft.com/?linkid=9758398.
Automated Runs on Start Up
Note: this is for a non-domain-joined computer.
This is the scenario I want: once Windows boots up, it logs on to a specific account automatically and then runs a program automatically. Once that finishes, the operating system shuts down.
The first step is to run "control userpasswords2" on XP or "netplwiz" on Vista. Do this via Start->Run or the Windows+R key combo. This app allows you to set up auto logon for a specific user. With the top checkbox checked, select a user, and then uncheck that checkbox. Now enter the password and click OK. From now on, when the computer boots up, it will always automatically log on as the selected user.
To run a program on logon, there are actually a couple of options. The easiest one is to just add a shortcut or batch file to the Startup folder inside the Start menu. You can see a list of all the autostart locations by running the Autoruns program from Sysinternals at https://technet.microsoft.com/en-us/sysinternals/default.aspx.
To shut down the OS once the designated program is done running, we want a batch file inside the Startup folder. That batch file starts the designated program and then shuts down the OS. We can perform the shutdown portion by running the shutdown command. For a full list of options, simply run "shutdown /?" at the command line.
Best Codeplex Project Ever?
Have you ever wanted an open source library that implemented hello world? Neither have I, but someone went ahead and did it anyway: https://simplehelloworld.codeplex.com/. Note that one of the reviews came from the author himself.
Best Tech Ad of 2009?
Possibly the best tech ad I've ever seen: https://www.everythingusb.com/intel-usb-rock-star-16620.html. Good job, Intel!
Bouncing Circle with HTML5 Canvas
This should work in IE9 and Chrome. However, if you use IE9, make sure you set the browser and document mode to IE9 standards. Some refactoring could be done on this code, but I wrote this in a few hours without any prior JavaScript or HTML5 experience:
test.html:
    <!DOCTYPE html>
    <html>
    <head>
    <style type="text/css">
    canvas { border: 1px solid black; }
    </style>
    </head>
    <body>
    <!-- the canvas element itself is created by StartCircle() in test.js -->
    <script type="text/javascript" src="test.js"></script>
    <button onclick="StartCircle()">startit!</button><br />
    </body>
    </html>
test.js:
    var circle;        // the Circle being drawn
    var path;          // current position and direction of travel
    var canvas;        // created on the first click and appended to the body
    var context;       // 2d drawing context of the canvas
    var maxwidth;      // canvas size, randomised on every start
    var maxheight;
    var radius = 50;
    var interval;      // handle from setInterval, so a restart can clear it

    function StartCircle() {
        if (canvas == null) {
            canvas = document.createElement('canvas');
            document.getElementsByTagName('body')[0].appendChild(canvas);
        }
        maxwidth = Math.floor(Math.random() * 700 + 100);
        maxheight = Math.floor(Math.random() * 700 + 100);
        canvas.setAttribute("width", maxwidth);
        canvas.setAttribute("height", maxheight);
        context = canvas.getContext('2d');
        // pick a start point at least one radius away from every edge
        var startwidth = Math.floor(Math.random() * (maxwidth - radius * 2)) + radius;
        var startheight = Math.floor(Math.random() * (maxheight - radius * 2)) + radius;
        path = new Path(startwidth, startheight);
        circle = new Circle(startwidth, startheight, radius);
        if (interval != null)
            clearInterval(interval);
        interval = setInterval(Draw, 1);
    }

    // which axes have to reverse direction because the circle touched an edge
    function BorderSwitch(x, y) {
        var flipx = false;
        var flipy = false;
        if ((x + radius) >= maxwidth || (x - radius) <= 0)
            flipx = true;
        if ((y + radius) >= maxheight || (y - radius) <= 0)
            flipy = true;
        return new Flip(flipx, flipy);
    }

    function Flip(flipx, flipy) {
        this.flipx = flipx;
        this.flipy = flipy;
    }

    function Path(x, y) {
        this.x = x;
        this.y = y;
        // random initial direction, one pixel per tick on each axis
        var deltax = Math.floor(Math.random() * 2) == 0 ? -1 : 1;
        var deltay = Math.floor(Math.random() * 2) == 0 ? -1 : 1;
        this.GetNext = function () {
            var directionswitch = BorderSwitch(this.x, this.y);
            if (directionswitch.flipx == true)
                deltax *= -1;
            if (directionswitch.flipy == true)
                deltay *= -1;
            this.x += deltax;
            this.y += deltay;
        };
    }

    function Circle(x, y, radius) {
        this.x = x;
        this.y = y;
        this.radius = radius;
    }

    // timer callback: advance the path one step and redraw the circle
    function Draw() {
        path.GetNext();
        circle.x = path.x;
        circle.y = path.y;
        context.clearRect(0, 0, maxwidth, maxheight);
        context.strokeStyle = "#000000";
        context.fillStyle = "#FFFF00";
        context.beginPath();
        context.arc(circle.x, circle.y, circle.radius, 0, Math.PI * 2, true);
        context.closePath();
        context.stroke();
        context.fill();
    }
Building Both VS2008 and VS2010 on the Same TFS 2008 Server Using MSBuild
My team recently upgraded some of our Visual Studio solutions to be 2010 based in order to take advantage of some of the new features in the IDE. However, we quickly found out that the upgrade broke our build system. In order to build both VS2010 projects and VS2008 projects on one machine, you need a side-by-side build system. Here are the brief instructions I used to get the whole thing working.
1. On your TFS 2008 build agent/controller/server, the one running tfsbuildservice.exe as the service "Visual Studio Team Foundation Build", install Visual Studio 2010 and the latest .NET 4.0.
2. Inside C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies, create a copy of tfsbuildservice.exe (tfsbuildservice2.exe) and of its config file.
3. Inside the new config file, change the ports to 9193 and 9194 and add an MSBuildPath entry that points to the MSBuild 4.0 binary under windows\microsoft.net\framework\v4xxx\:
    <add key="MSBuildPath" value="c:\windows\microsoft.net\Framework\v4.0.21006\" />
4. We need to reserve the port for the user that will run our new service; in most cases that is going to be Network Service:
    wcfhttpconfig.exe reserve "NT AUTHORITY\NETWORK SERVICE" 9193
5. Run the following to create the service:
    sc create "Visual Studio Team Foundation Build VS2010" binpath= "C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\tfsbuildservice2.exe"
6. Change the startup type to Automatic and the logon account to NETWORK SERVICE.
7. Manually start the service the first time around.
8. In the Windows firewall (or whatever custom firewall app you use), create a rule that allows tfsbuildservice2.exe and port 9193.
9. Create a new build agent that points to the build server but uses port 9193 instead of the default 9191.
10. Now try to build a VS2010 solution using the new build agent.
If you get any errors during the build, try some of the following. Back up, then make these changes to the C:\Program Files\MSBuild\Microsoft\VisualStudio\TeamBuild\*.targets file:
1. Not getting the Reason property -> delete the Reason node in the XML.
2. Roll back the WorkspaceName to the TFS Build 2008 version:
    After VS 2010 installation: $(COMPUTERNAME)_$(BuildDefinitionId)_$(BuildAgentId)
    TFS Build 2008: $(COMPUTERNAME)_$(BuildDefinitionId)
Changing Executable Dll Characteristics Flags: DynamicBase, NX, AppContainer
Inside the PE header of every executable image there is a field called DllCharacteristics, which contains a set of flags that tell Windows a little more about how to load the image. You can view all the flags by running dumpbin.exe /headers <targetbinary>. This applies to more than just .exe files: .ocx, .dll, and so on. Sometimes you might want to change a DLL characteristic. To do that, just run link.exe /edit /dynamicbase:NO <targetbinary>.
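To see what dumpbin /headers and link /edit operate on, here is an added example (not code from the original post) that parses the DllCharacteristics field out of a PE header, names the flags, and flips a single bit the way link.exe /edit /dynamicbase:NO does. The image it reads is a constructed minimal header, not a real binary; DYNAMIC_BASE is the ASLR opt-in, so clearing it removes that mitigation from the image.

```python
"""Read and rewrite the DllCharacteristics field of a PE image.
Added example (not from the original post): a minimal PE header parser that
names the flags dumpbin /headers prints, plus a helper that sets or clears one
bit the way link.exe /edit /dynamicbase:NO does. The image is constructed.
"""
import struct

# IMAGE_DLLCHARACTERISTICS_* values from the PE/COFF specification.
DLL_CHARACTERISTICS = {
    0x0020: "HIGH_ENTROPY_VA",
    0x0040: "DYNAMIC_BASE",        # image may be relocated (ASLR)
    0x0080: "FORCE_INTEGRITY",
    0x0100: "NX_COMPAT",           # image is DEP compatible
    0x0200: "NO_ISOLATION",
    0x0400: "NO_SEH",
    0x0800: "NO_BIND",
    0x1000: "APPCONTAINER",        # must run inside an AppContainer
    0x2000: "WDM_DRIVER",
    0x4000: "GUARD_CF",
    0x8000: "TERMINAL_SERVER_AWARE",
}
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B

def dll_characteristics_offset(image: bytes) -> int:
    """File offset of the 16-bit DllCharacteristics field."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt_header = e_lfanew + 4 + 20            # skip signature + COFF header
    magic = struct.unpack_from("<H", image, opt_header)[0]
    if magic not in (PE32_MAGIC, PE32PLUS_MAGIC):
        raise ValueError("unexpected optional header magic 0x%x" % magic)
    return opt_header + 70                    # same offset in PE32 and PE32+

def read_flags(image: bytes) -> list:
    """Names of the set flags, in ascending bit order."""
    value = struct.unpack_from("<H", image, dll_characteristics_offset(image))[0]
    return [name for bit, name in sorted(DLL_CHARACTERISTICS.items()) if value & bit]

def set_flag(image: bytes, name: str, enabled: bool) -> bytes:
    """Copy of the image with one flag set or cleared (what link /edit does)."""
    bit = {v: k for k, v in DLL_CHARACTERISTICS.items()}[name]
    off = dll_characteristics_offset(image)
    value = struct.unpack_from("<H", image, off)[0]
    value = (value | bit) if enabled else (value & ~bit & 0xFFFF)
    out = bytearray(image)
    struct.pack_into("<H", out, off, value)
    return bytes(out)

def build_sample(flags: int) -> bytes:
    """Constructed minimal PE32+ header: DOS stub, PE signature, COFF, optional."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)   # e_lfanew: PE signature follows
    opt = bytearray(240)                      # PE32+ optional header size
    struct.pack_into("<H", opt, 0, PE32PLUS_MAGIC)
    struct.pack_into("<H", opt, 70, flags)
    return bytes(dos) + b"PE\0\0" + bytes(20) + bytes(opt)

if __name__ == "__main__":
    img = build_sample(0x0140)                # DYNAMIC_BASE | NX_COMPAT
    print(read_flags(img))
    print(read_flags(set_flag(img, "DYNAMIC_BASE", False)))   # ASLR opt-out
```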
Delete Remote Files Via WMI and Powershell
Ever wanted to delete a file on a remote computer without using the net use/shared folder approach? Well, with PowerShell, or more accurately with WMI, you can:
PS C:\Program Files\Microsoft\> $a = Get-WMIObject -query "Select * From CIM_DataFile Where Name ='C:\\test.txt'" -computer "meng-test1"
PS C:\Program Files\Microsoft\> $a.Delete()
What the first line says is: get me every CIM_DataFile whose name is C:\test.txt on the computer named meng-test1. That returns a CIM_DataFile object, which has a method called Delete that does exactly what the name suggests.
Enable Missing Kernel Debugging Transport in Visual Studio 2012
By default, when you install Visual Studio 2012, you won't have Kernel Debugging in the list of transports as described in https://msdn.microsoft.com/en-us/library/windows/hardware/hh439359%28v=vs.85%29.aspx and in https://msdn.microsoft.com/en-us/library/windows/hardware/jj149675.aspx. To fix this, install the WDK.
Error 80040200 When Regsvr Registering Com/Activex Controls
Sometimes when I try to register a COM control, I get the following error dialog.
    [Window Title]
    RegSvr32
    [Content]
    The module ".\crash.ocx" was loaded but the call to DllRegisterServer failed with error code 0x80040201.
    For more information about this problem, search online using the error code as a search term.
    [OK]
On Vista/Win 7 boxes, a normal command prompt runs without admin privileges. Registering a COM control requires admin rights because it makes an entry in the system-wide registry. This error message is basically a complaint about the lack of rights of the current user. To fix it, simply start an admin command prompt and regsvr the control binary again.
!exploitable Extension for WinDBG
Continuing the trend of giving plugs to my coworkers' software: two months ago, a couple of my coworkers took what was an in-house security project to the open source world. Since then, the tool has been getting pretty good comments/reviews due to the positive impact it can have on the security ecosystem. It is called !exploitable and it's available here: https://www.codeplex.com/msecdbg. Like !analyze, this tool works within the Microsoft debugger WinDBG. It basically analyzes a crash file and tells you whether that crash is potentially exploitable.
Exploiting Online Games
At RSA last week, there was an interesting panel on hacking games (woot!): https://news.cnet.com/8301-10797_3-10226485-235.html
Back in the days of playing Asheron's Call in high school, bots and certain hacks existed to bypass the rules that the designers tried to put in place. These were normally done by professional programmers with some spare time at night. However, a billion dollars a year now changes hands in online gaming communities. With this kind of money, I can see some really efficient medium-sized corporations spring up to do what amateur game hackers used to do in the 90s. I do know about the small shops (normally 1-10 people) that made the Glider bot and contracted Chinese players. But what I am imagining soon is the existence of 100+ employee companies that have a WoW division, an EverQuest division, an EVE Online division, etc. I can see a whole new industry behind this.
What differentiates online games from normal client/server applications is the ratio of the number of attack surfaces in a game to the size of the game. A game developed by a 30-person team can have as much attack surface as an application pair like Exchange/Outlook, which I imagine has thousands of people behind it. An attack surface is basically any place where input is accepted. For example, if in the game a virtual vendor, or an NPC, can accept items and give players money back, that interaction is an attack surface. What would happen if you give the vendor 2^32-1 sticks?
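The "2^32-1 sticks" trade above, as an added example that is not from the original post: a vendor payout computed with C-style 32-bit arithmetic (the wraparound the question hints at) beside a server-side version that validates the request against the game's own inventory and stack rule. Prices, the stack limit and the inventory are constructed for the demo.

```python
"""The '2^32-1 sticks' vendor trade from the post, modelled on the server side.
Added example, not from the original post: a payout computed with C-style
32-bit arithmetic beside a version that validates the client's request against
the server's own inventory and stack rule. Prices, limit and inventory are made up.
"""
UINT32_MAX = 0xFFFFFFFF
UNIT_PRICE = {"stick": 3, "sword": 250}   # constructed vendor price table
MAX_STACK = 1000                          # constructed rule: items per trade


class TradeRejected(ValueError):
    """The server refuses the trade rather than paying anything out."""


def naive_payout(item: str, count: int) -> int:
    """Gold for `count` items, truncated to a uint32 like unchecked native code."""
    return (UNIT_PRICE[item] * count) & UINT32_MAX


def checked_payout(item: str, count: int, inventory: dict) -> int:
    """Same trade, but every client-supplied value is validated before use."""
    if item not in UNIT_PRICE:
        raise TradeRejected("vendor does not buy %r" % item)
    if not isinstance(count, int) or count <= 0 or count > MAX_STACK:
        raise TradeRejected("count %r is outside 1..%d" % (count, MAX_STACK))
    if inventory.get(item, 0) < count:          # trust server state, not the client
        raise TradeRejected("player does not own %d x %s" % (count, item))
    payout = UNIT_PRICE[item] * count
    if payout > UINT32_MAX:                     # unreachable with MAX_STACK, kept as a guard
        raise TradeRejected("payout does not fit the balance field")
    return payout


def settle(item: str, count: int, inventory: dict, balance: int) -> tuple:
    """Apply a checked trade and return (remaining_inventory, new_balance)."""
    payout = checked_payout(item, count, inventory)
    if balance + payout > UINT32_MAX:
        raise TradeRejected("balance would overflow")
    remaining = dict(inventory)
    remaining[item] -= count
    return remaining, balance + payout


if __name__ == "__main__":
    print(naive_payout("stick", 2 ** 32 - 1))      # 4294967293: 3 * (2^32 - 1) wrapped
    print(settle("stick", 5, {"stick": 10}, 100))  # ({'stick': 5}, 115)
```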
Facinating Talks That Everyone Could Benefit From
So about a year or two ago, I discovered PBS' Frontline online. You can check it out at www.pbs.org/frontline. But more importantly, around the same time, I found TED talks. The best video I've seen on TED is probably the one by Hans Rosling on global health and economics at https://www.ted.com/index.php/talks/hans_rosling_shows_the_best_stats_you_ve_ever_seen.html. Check it out.
File ACL Vulnerability 101
The most basic scenario when it comes to file ACL attacks is the lie-in-wait attack. In Windows, each file has a security descriptor listing the users allowed or denied access to that file. The descriptor covers things such as read, write and modify permissions, and so on. Most files in Windows have read permission granted to all users. However, certain folders by default do not grant write permission to all users; examples are the Program Files folder and the Windows folder. This is done so that a regular user does not have access to modify installed applications or the Windows binaries.
Imagine a scenario in a university lab. As the lab admin, you want to grant students the ability to run Matlab, but you do not want them to modify the Matlab executable into some malicious trojan for the next user of the computer. So you grant read access and deny write access to the Matlab folder for students. A file ACL vulnerability arises if that admin forgets to deny write access to the Matlab folder. Student A could then overwrite matlab.exe with a keylogger that has the same name. Now, when student B logs on, or even better, when the lab admin logs on and attempts to run Matlab, you have a keylogger running on the lab computer. The clever hackers will start the keylogger and then start Matlab, so none of this is ever detected.
File ACL Vulnerability Part 2
In this post, I will attempt to explain and expand on what I talked about in my previous post on File ACL Vulnerability.
ACL - Access Control List
What I previously described applies to Windows, but the concept, and similar attacks, apply to any operating system that allows more than one user to log on and off the system. There is a pretty descriptive article on Linux file ACLs on UNC's website: https://www.cs.unc.edu/cgi-bin/howto?howto=linux-file-acls. Or check out the generic MSDN Windows ACL article at https://msdn.microsoft.com/en-us/library/ms229742.aspx.
Expanding on the scenario discussed in my previous File ACL post, the problem extends to more than just executables with "bad" ACLs. At CanSecWest 2008, Sun Bing discussed a vulnerability in VMware where the configuration file had a bad ACL. Coincidentally, the configuration file also contained the location of one of the service executables. A regular user could then modify this configuration file and get admin privilege when the admin ran VMware. The exact details of the attack escape me at the moment, but the problem was fixed prior to Bing's talk.
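As an added example (not from either File ACL post), here is the check a lab admin could run for the Matlab folder scenario and for the VMware configuration-file case alike: it audits a file's DACL in the SDDL form that PowerShell's Get-Acl exposes as .Sddl, flagging Allow ACEs that give Everyone, Users or similar broad principals write, delete or ownership rights. The SDDL strings are constructed samples; the access-mask and SID constants are the documented Windows SDK values.

```python
"""Audit a Windows file DACL (SDDL form) for the lie-in-wait precondition.
Added example, not from the original posts: it parses the SDDL string that
Get-Acl exposes as .Sddl (or icacls /save writes) for a file or folder and
reports Allow ACEs granting write, delete or ownership rights to broad
principals such as Everyone or Users. The SDDL strings are constructed.
"""
import re

# Two-letter SDDL rights codes -> access-mask bits (sddl.h / winnt.h).
SDDL_RIGHTS = {
    "GA": 0x10000000, "GR": 0x80000000, "GW": 0x40000000, "GX": 0x20000000,
    "FA": 0x001F01FF, "FR": 0x00120089, "FW": 0x00120116, "FX": 0x001200A0,
    "RC": 0x00020000, "SD": 0x00010000, "WD": 0x00040000, "WO": 0x00080000,
    "CC": 0x1, "DC": 0x2, "LC": 0x4, "SW": 0x8, "RP": 0x10, "WP": 0x20,
    "DT": 0x40, "LO": 0x80, "CR": 0x100,
}

# Bits that let the holder replace the file's content or take over its ACL:
# FILE_WRITE_DATA, FILE_APPEND_DATA, DELETE, WRITE_DAC, WRITE_OWNER, GENERIC_WRITE, GENERIC_ALL.
TAMPER_MASK = 0x2 | 0x4 | 0x10000 | 0x40000 | 0x80000 | 0x40000000 | 0x10000000

# Principals that mean "any user who can log on" (SDDL alias and raw SID forms).
BROAD_PRINCIPALS = {
    "WD": "Everyone", "S-1-1-0": "Everyone",
    "BU": "Users", "S-1-5-32-545": "Users",
    "AU": "Authenticated Users", "S-1-5-11": "Authenticated Users",
    "IU": "Interactive", "S-1-5-4": "Interactive",
    "BG": "Guests", "S-1-5-32-546": "Guests",
}

def rights_to_mask(rights: str) -> int:
    """'FA' -> 0x1F01FF, 'GRGW' -> both bits, '0x1200a9' -> 0x1200A9."""
    if rights.lower().startswith("0x"):
        return int(rights, 16)
    if len(rights) % 2:
        raise ValueError("malformed rights string: %r" % rights)
    mask = 0
    for i in range(0, len(rights), 2):
        mask |= SDDL_RIGHTS[rights[i:i + 2]]
    return mask

def dacl_aces(sddl: str) -> list:
    """(ace_type, access_mask, sid) for each ACE in the D: part of the SDDL."""
    m = re.search(r"D:[A-Z_]*((?:\([^)]*\))*)", sddl)
    aces = []
    for body in re.findall(r"\(([^)]*)\)", m.group(1) if m else ""):
        fields = body.split(";")
        if len(fields) >= 6:                # conditional ACE forms are skipped
            aces.append((fields[0], rights_to_mask(fields[2]), fields[5]))
    return aces

def weak_aces(sddl: str) -> list:
    """Allow ACEs that give a broad principal tamper rights, as (who, bits)."""
    findings = []
    for ace_type, mask, sid in dacl_aces(sddl):    # Deny ACEs are not grants
        if ace_type == "A" and sid in BROAD_PRINCIPALS and mask & TAMPER_MASK:
            findings.append((BROAD_PRINCIPALS[sid], mask & TAMPER_MASK))
    return findings

# Constructed samples: a Program Files style folder, then the lab admin's mistake.
LOCKED = "O:SYG:SYD:AI(A;ID;FA;;;BA)(A;ID;FA;;;SY)(A;ID;0x1200a9;;;BU)"
WEAK = "O:BAG:SYD:(A;;FA;;;BA)(A;;FA;;;SY)(A;;0x1301bf;;;BU)(A;OICI;GA;;;WD)"

if __name__ == "__main__":
    print("locked:", weak_aces(LOCKED))   # []
    print("weak:", weak_aces(WEAK))       # Users can write/delete, Everyone has GA
```

On a live box, feed it the string from (Get-Acl 'C:\Program Files\Matlab').Sddl; a Deny ACE for Users does not show up because the check reports grants, not effective access.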
Finally Fast the Scam?
This commercial rocked my world: https://www.youtube.com/watch?v=atd8dowrbNI&feature=player_embedded
So apparently these malware detection programs have finally begun to advertise on TV in addition to their traditional annoying <$!!@$$>! pop-up ad campaigns. Anyway, everything this program does can be done by another program that is free. Just search for "Finally Fast scam" on Google or Live. The blog posts in the results contain hundreds of free alternatives.
NOTE: I did not go into the security concerns related to this product because #1 it's too much typing, and #2 it should be pretty obvious from that ad.
First Post/Introduction
I am a 20-something-year-old software engineer working within the security group here at Microsoft. Things I work on include: the Threat Modeling Tool, attack surface analysis, COM, ActiveX, binary analysis, and some fuzzing thrown in there. I will post articles regarding security, Microsoft, and most importantly, myself.
Google "Office" Taking Over Microsoft Office
Nothing could stop Google from taking over Microsoft Office except these 5 items:
1. The amount of sheer work involved. Microsoft Office has been in development for well over a decade now. Even just cloning it would take a huge amount of labor and financial investment. And then, on top of that, making it actually better than what Microsoft has would take even more time, planning, strategizing, and investment. Google is big, but they have bought so many companies and have so many projects going that I question whether they would have the manpower for such an investment.
2. Infrastructure is stopping Google. Animations, eye candy, processing power... all of those are subpar when you are talking about the Internet. Yes, you have Flash, which looks good, but the downloading of the SWF files embedded in the pages can be quite slow, and it would get even slower if lots of people started using it (unless Google made some more monstrous server farms, and that would be another huge economic investment). Some things are simply resource intensive enough that they are just better done on the desktop. (And yes, word processing seems simple, but when you start packing in lots and lots of features, animations, etc., you generate a large memory and resource footprint.)
3. Security is stopping Google. Corporations are not going to start editing their sensitive files over the Internet. They aren't going to transmit that data all over the web, and they aren't going to store it on Google's servers. They just won't, regardless of whether encryption is used. It will be viewed as too big a risk. Although leaving it on your desktop is only marginally safer :)
4. Entrenchment is stopping Google. Microsoft Office is entrenched. I'm not just talking about users being comfortable and used to it (and therefore not wanting to change), I'm talking about being entrenched corporately. Most corporations have built innumerable applications that integrate and work with Office, and you can't just rip out one suite and replace it with another without causing the majority of enterprise processes and applications to break. Very few corporations are going to be willing to switch unless Google somehow comes up with some undeniable, overwhelming reason that they must use the Google product. And I can't think of any scenario that would fit that bill (this very issue, btw, is why OpenOffice is not, and probably never will be, adopted at the corporate level).
5. Lack of financial gain is therefore stopping Google. Unless Google can think of ways to overcome all of these issues, they are not going to recoup their investment (and make no mistake, developing an Internet Office application that is better than MS Office is an incredibly large investment). There are many other areas less dominated by competitors where the pickings are easier and the return on investment is higher. They may make simple spreadsheet apps that drive a few private users to their site (and generate some advertising dollars from the extra traffic), but truly trying to take dominance from Microsoft in the Office arena simply isn't going to be in their game plan. It just isn't worth it.
My 2 cents.
Installing .Net 3.5.1 on Windows 2008 R2
Sometimes when you try to install .NET 3.5 on Windows 2008 R2, you get this error message:
You must use the Role Management Tool to install or configure Microsoft .NET Framework 3.5 SP1.
To get around this, right-click Computer and select Manage. Select the Features node and add a new feature. The first one on the list should be .NET Framework 3.5.1 Features. Install that and voila.