Attack Surface Analyzer
My team here at Microsoft Security Engineering Center just released our latest tool for the SDL, Attack Surface Analyzer. Dave has already blogged about the tool: https://blogs.msdn.com/b/sdl/archive/2011/01/17/announcing-attack-surface-analyzer.aspx.
In the next few weeks, the team and I will be blogging a little bit more about what the tool does and how the tool's functionality can be extended.
Attack Surface Analyzer x86 and x64 Download Link
Our original download link for the tool only had the x64 msi. We have since fixed it with a new download link. However, most of the search engines still have the original link as the top result. If you need the x86 version of the tool, please use this go link: https://go.microsoft.com/?linkid=9758398.
Automated Runs on Start Up
Note: this is for a non domain joined computer.
This is the scenario that I want. Once Windows boots up, it logs on to a specific account automatically and then runs a program automatically. Once that finishes, the operating system shuts down.
The first step is to run "control userpasswords2" on XP or "netplwiz" on Vista. Do this via Start->Run or the Windows+R key combo. This app allows you to set up auto logon for a specific user. With the top checkbox checked, select a user, and then uncheck that checkbox. Now enter the password and click OK. From now on, when the computer boots up, it will automatically log on as the selected user.
To run a program on logon, there are actually a couple of options. The easiest one is to just add a shortcut/batch file to the Startup folder inside the Start menu. You can see a list of all the locations Windows runs things from by running the Autoruns program from Sysinternals at https://technet.microsoft.com/en-us/sysinternals/default.aspx.
To shut down the OS once the designated program is done running, we want to have a batch file inside the Startup folder. That batch file will start the designated program, wait for it to finish, and then shut down the OS. We can perform the shutdown portion by running the shutdown command. For a full list of options, simply run "shutdown /?" on the command line.
Best Codeplex Project Ever?
Have you ever wanted an open source library that implemented hello world? Neither have I, but someone went ahead and did it anyway: https://simplehelloworld.codeplex.com/. Note that one of the reviews came from the author himself.
Best Tech Ad of 2009?
Possibly the best tech ad I've ever seen: https://www.everythingusb.com/intel-usb-rock-star-16620.html. Good job, Intel!
Bouncing Circle with HTML5 Canvas
This should work in IE9 and Chrome. However, if you use IE9, make sure you set the browser and document mode to IE9 standards. This code could use some refactoring, but I wrote it in a few hours without any prior JavaScript or HTML5 experience:
test.html:
<html>
<head>
<style type="text/css">
canvas { border: 1px solid black; }
</style>
</head>
<body>
<script type="text/javascript" src="test.js"></script>
<button onclick="StartCircle()">startit!</button><br />
</body>
</html>
test.js:
var circle;
var path;
var canvas;
var context;
var keepgoing = true;   // not used by this version; left over from an earlier draft
var maxwidth;
var maxheight;
var radius = 50;
var interval;

function StartCircle() {
    // create the canvas on the first click only; later clicks reuse it
    if (canvas == null) {
        canvas = document.createElement('canvas');
        document.getElementsByTagName('body')[0].appendChild(canvas);
    }
    // random canvas size between 100 and 799 pixels in each dimension
    maxwidth = Math.floor(Math.random() * 700 + 100);
    maxheight = Math.floor(Math.random() * 700 + 100);
    canvas.setAttribute("width", maxwidth);
    canvas.setAttribute("height", maxheight);
    context = canvas.getContext('2d');
    // random start point chosen so the whole circle fits inside the canvas
    var startwidth = Math.floor(Math.random() * (maxwidth - radius * 2)) + radius;
    var startheight = Math.floor(Math.random() * (maxheight - radius * 2)) + radius;
    path = new Path(startwidth, startheight);
    circle = new Circle(startwidth, startheight, radius);
    // restart the animation timer if one is already running
    if (interval != null)
        clearInterval(interval);
    interval = setInterval(Draw, 1);
}

// returns which axes need their direction reversed when the circle touches an edge
function BorderSwitch(x, y) {
    var flipx = false;
    var flipy = false;
    if ((x + radius) == maxwidth || (x - radius) == 0)
        flipx = true;
    if ((y + radius) == maxheight || (y - radius) == 0)
        flipy = true;
    return new Flip(flipx, flipy);
}

function Flip(flipx, flipy) {
    this.flipx = flipx;
    this.flipy = flipy;
}

// tracks the centre of the circle and moves it one pixel per step
function Path(x, y) {
    this.x = x;
    this.y = y;
    // random initial direction on each axis, kept private to this path
    var deltax = Math.floor(Math.random() * 2) == 0 ? -1 : 1;
    var deltay = Math.floor(Math.random() * 2) == 0 ? -1 : 1;
    this.GetNext = function () {
        var directionswitch = BorderSwitch(this.x, this.y);
        if (directionswitch.flipx)
            deltax *= -1;
        if (directionswitch.flipy)
            deltay *= -1;
        this.x += deltax;
        this.y += deltay;
    };
}

function Circle(x, y, radius) {
    this.x = x;
    this.y = y;
    this.radius = radius;
}

// one animation frame: advance the path, then redraw the circle at the new position
function Draw() {
    path.GetNext();
    circle.x = path.x;
    circle.y = path.y;
    context.clearRect(0, 0, maxwidth, maxheight);
    context.strokeStyle = "#000000";
    context.fillStyle = "#FFFF00";
    context.beginPath();
    context.arc(circle.x, circle.y, circle.radius, 0, Math.PI * 2, true);
    context.closePath();
    context.stroke();
    context.fill();
}
Building Both VS2008 and VS2010 on the Same TFS 2008 Server Using MSBuild
My team recently upgraded some of our Visual Studio solutions to be 2010 based in order to take advantage of some of the new features in the IDE. However, we quickly found out that the upgrade broke our build system. In order to build both VS2010 projects and VS2008 projects on one machine, you want to have a side-by-side build system. Here are some brief instructions that I used to get the whole thing working.
1. On your TFS 2008 build agent/controller/server, the one running tfsbuildservices.exe as the service "Visual Studio Team Foundation Build", install Visual Studio 2010 and the latest .NET 4.0.
2. Inside C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies, create a copy of tfsbuildservice.exe and its config file.
3. Inside the new config file, change the ports to 9193 and 9194 and add an MSBuildPath entry that points to the MSBuild 4.0 binary under windows\microsoft.net\framework\v4xxx\:
<add key="MSBuildPath" value="c:\windows\microsoft.net\Framework\v4.0.21006\" />
4. We need to reserve the port for the user that will run our new service, which in most cases is going to be Network Service:
wcfhttpconfig.exe reserve "NT AUTHORITY\NETWORK SERVICE" 9193
5. Run the following to create the service:
sc create "Visual Studio Team Foundation Build VS2010" binpath= "C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\tfsbuildservice2.exe"
6. Change the startup type to Automatic and the logon account to NETWORK SERVICE.
7. Manually start the service the first time around.
8. In the Windows (or whatever custom app) firewall, create a rule that allows tfsbuildservice2.exe and port 9193.
9. Create a new build agent that points to the build server but uses port 9193 instead of the default 9191.
10. Now try to build a VS2010 solution using the new build agent.
If you get any errors during the build, try some of the following. Back up and then make these changes to the *.targets file under C:\Program Files\MSBuild\Microsoft\VisualStudio\TeamBuild\:
1. Not getting the Reason property -> delete the Reason node in the XML.
2. Roll back the WorkspaceName to the TFS Build 2008 version:
After VS 2010 installation:
$(COMPUTERNAME)_$(BuildDefinitionId)_$(BuildAgentId)
TFS Build 2008:
$(COMPUTERNAME)_$(BuildDefinitionId)
Changing Executable Dll Characteristics Flags: DynamicBase, NX, AppContainer
Inside the PE header of every executable image there is a field called DLL Characteristics, which contains a set of flags that tell Windows a little more about the application. You can view all the flags by running dumpbin.exe /headers <targetbinary>. This applies to more than just .exe files: .ocx, .dll, and so on. Sometimes you might want to change a DLL characteristic. To do that, just run link.exe /edit /dynamicbase:NO <targetbinary>.
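To audit these flags without dumpbin, here is an added example (my own, not code from the original post) in Python that reads the DllCharacteristics field from a PE32 or PE32+ header, reports which of DynamicBase (ASLR) and NX (DEP) are missing, and sets or clears one flag in a copy the way link.exe /edit does. The flag values are the IMAGE_DLLCHARACTERISTICS_* constants from the PE/COFF specification; build_minimal_pe is a constructed stub image used only for the demonstration.

```python
import struct
import sys

# IMAGE_DLLCHARACTERISTICS_* values from the PE/COFF specification.
DLL_CHARACTERISTICS = {
    0x0020: "HIGH_ENTROPY_VA",
    0x0040: "DYNAMIC_BASE",         # ASLR, link.exe /DYNAMICBASE
    0x0080: "FORCE_INTEGRITY",
    0x0100: "NX_COMPAT",            # DEP,  link.exe /NXCOMPAT
    0x0200: "NO_ISOLATION",
    0x0400: "NO_SEH",
    0x0800: "NO_BIND",
    0x1000: "APPCONTAINER",         # link.exe /APPCONTAINER
    0x2000: "WDM_DRIVER",
    0x4000: "GUARD_CF",
    0x8000: "TERMINAL_SERVER_AWARE",
}

def _dllchars_offset(data):
    """Return the file offset of the 16-bit DllCharacteristics field."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image (missing MZ)")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    opt = e_lfanew + 4 + 20                 # optional header follows the 20-byte COFF header
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):         # PE32 / PE32+
        raise ValueError("unknown optional header magic 0x%x" % magic)
    return opt + 70                         # same offset in PE32 and PE32+

def read_dll_characteristics(data):
    """Return (raw value, set of flag names), the same information dumpbin /headers prints."""
    raw = struct.unpack_from("<H", data, _dllchars_offset(data))[0]
    return raw, {name for bit, name in DLL_CHARACTERISTICS.items() if raw & bit}

def set_dll_characteristic(data, flag, enabled):
    """Return a copy of the image with one flag set or cleared (what link.exe /edit does)."""
    off = _dllchars_offset(data)
    raw = struct.unpack_from("<H", data, off)[0]
    raw = (raw | flag) if enabled else (raw & ~flag & 0xFFFF)
    out = bytearray(data)
    struct.pack_into("<H", out, off, raw)
    return bytes(out)

def missing_mitigations(data):
    """Defender's check: which of DYNAMIC_BASE / NX_COMPAT the image lacks."""
    _, names = read_dll_characteristics(data)
    return sorted({"DYNAMIC_BASE", "NX_COMPAT"} - names)

def build_minimal_pe(dllchars, pe32plus=False):
    """Constructed stub image: just the headers a flag audit touches, no sections."""
    e_lfanew = 0x40
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    optsize = 240 if pe32plus else 224
    coff = struct.pack("<HHIIIHH", 0x8664 if pe32plus else 0x14C, 0, 0, 0, 0, optsize, 0x0002)
    opt = bytearray(optsize)
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)
    struct.pack_into("<H", opt, 70, dllchars)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":
    # usage: python pe_flags.py <targetbinary>
    with open(sys.argv[1], "rb") as f:
        image = f.read()
    raw, names = read_dll_characteristics(image)
    print("DllCharacteristics 0x%04X: %s" % (raw, ", ".join(sorted(names))))
    print("missing mitigations:", missing_mitigations(image) or "none")
```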
Delete Remote Files Via WMI and Powershell
Ever wanted to delete a file on a remote computer without using the net use/shared folder stuff? Well, with PowerShell, or more accurately, with WMI, you can:
PS C:\Program Files\Microsoft\> $a = Get-WMIObject -query "Select * From CIM_DataFile Where Name ='C:\\test.txt'" -computer "meng-test1"
PS C:\Program Files\Microsoft\> $a.Delete()
What the first line says is: get me all CIM_DataFile instances whose Name is C:\test.txt on the computer named meng-test1. That returns a CIM_DataFile object, which has a method called Delete that does exactly what the name suggests.
Enable Missing Kernel Debugging Transport in Visual Studio 2012
By default, when you install Visual Studio 2012, you won't have Kernel Debugging in the list of transports as described in https://msdn.microsoft.com/en-us/library/windows/hardware/hh439359%28v=vs.85%29.aspx and in https://msdn.microsoft.com/en-us/library/windows/hardware/jj149675.aspx. To fix this, install the WDK.
Error 80040200 When Regsvr Registering Com/Activex Controls
Sometimes when I try to register a com control, I get the following error dialog.
[Window Title]
RegSvr32
[Content]
The module ".\crash.ocx" was loaded but the call to DllRegisterServer failed with error code 0x80040201.
For more information about this problem, search online using the error code as a search term.
[OK]
On Vista/Win 7 boxes, a normal command prompt runs without admin privileges. Registering a COM control requires admin rights because it makes an entry in the system-wide registry. This error message is basically an error message about the lack of rights the current user has. To fix it, simply start an admin command prompt and regsvr the control binary again.
!exploitable Extension for WinDBG
Continuing the trend of giving plugs to my coworkers' software. Two months ago, a couple of my coworkers took what was an in-house security project to the open source world. Since then, the tool has been getting pretty good comments/reviews due to the positive impact it can have on the security ecosystem. It is called !exploitable and it's available here: https://www.codeplex.com/msecdbg. Like !analyze, this tool works within the Microsoft debugger WinDBG. It basically analyzes a crash file and tells you whether that crash is potentially exploitable.
Exploiting Online Games
At RSA last week, there was an interesting panel on hacking games(woot!) https://news.cnet.com/8301-10797_3-10226485-235.html
Back in the days of playing Asheron's Call in high school, bots and certain hacks existed to bypass the set rules that the designer tried to put in place. These were normally done by professional programmers with some spare time at night. However, a billion dollars a year now exchange hands in online gaming communities. With this kind of money, I can see some really efficient medium-sized corporations springing up to do what amateur game hackers used to do in the 90s. I do know about the small shops (normally 1-10 people) that made glider bot and contracted Chinese players. But what I am imagining soon is the existence of 100+ employee companies that have a WoW division, an EverQuest division, an EVE Online division, etc. I can see a whole new industry behind this.
What differentiates online games from normal client/server applications is the ratio of the number of attack surfaces in games to the size of the game. A game developed by a 30-person team can have as much attack surface as an application pair like Exchange/Outlook, which I imagine has thousands of people behind it. Attack surface is basically any place where an input is accepted. For example, if in the game a virtual vendor, or an NPC, can accept items and give players money back, that interaction is an attack surface. What would happen if you give the vendor 2^32-1 sticks?
Fascinating Talks That Everyone Could Benefit From
So about a year or two ago, I discovered PBS' Frontline online. You can check it out at www.pbs.org/frontline. But more importantly, around the same time, I found TED talks. The best video I've seen on TED is probably the one by Hans Rosling on global health and economy at https://www.ted.com/index.php/talks/hans_rosling_shows_the_best_stats_you_ve_ever_seen.html. Check it out.
File ACL Vulnerability 101
The most basic scenario when it comes to file ACL attacks is the lay-in-wait attack. In Windows, each file has a security descriptor that says which users are allowed or disallowed to touch that file. The descriptor covers things such as read access, write access, modify access, and so on. Most files in Windows have read access granted to all users. However, there are certain folders that by default do not have write access granted to all users, for example the Program Files folder and the Windows folder. This is done so that a regular user does not have the access to modify installed applications or the Windows binaries.
Imagine a scenario at a university lab. As the lab admin, you want to grant students the ability to run Matlab, but you do not want them to modify the Matlab executable into some malicious trojan for the next user of the computer. So you grant read access and deny write access to the Matlab folder for students. A file ACL vulnerability could happen if that admin forgets to deny write access to the Matlab folder. Student A could then overwrite matlab.exe with a keylogger that has the same name. Now, when student B logs on, or even better, when the lab admin logs on and attempts to run Matlab, you have a keylogger running on the lab computer. The clever hackers will start the keylogger and then start Matlab, so none of this is ever detected.
File ACL Vulnerability Part 2
In this post, I will attempt to explain and expand on what I talked about in my previous post on File ACL Vulnerability.
ACL - Access Control List
What I previously described applied to Windows. But the concept, and similar attacks, apply to any operating system that allows more than one user to log on and off the system. There is a pretty descriptive article on Linux file ACLs on UNC's website: https://www.cs.unc.edu/cgi-bin/howto?howto=linux-file-acls. Or check out the generic MSDN Windows ACL article at https://msdn.microsoft.com/en-us/library/ms229742.aspx.
Expanding on the scenario discussed in my previous File ACL post, the problem extends to more than just executables with "bad" ACLs. At CanSecWest 2008, Sun Bing discussed a vulnerability in VMWare where the configuration file had a bad ACL. Coincidentally, the configuration file also contained the location of one of the service exes. A regular user could then modify this configuration file and gain admin privilege when the admin ran VMWare. The exact details of the attack escape me at the moment, but the problem was fixed prior to Bing's talk.
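As an added example (my own, not from either of the File ACL posts) that covers both the lab scenario above and this post's point that the same mistake exists on any multi-user OS: a Python audit for a POSIX tree, where the "forgot to deny write" error shows up as group/world write bits. It flags executables a non-owner could replace, either because the file itself is writable or because its directory is writable without the sticky bit (which allows deleting the file and dropping a same-named one); the matlab directory names and build_demo_tree are constructed for the demonstration.

```python
import os
import stat
import tempfile

def _others_can_write(mode):
    """True when the group or world write bit is set (a non-owner can modify)."""
    return bool(mode & (stat.S_IWGRP | stat.S_IWOTH))

def find_replaceable_executables(root):
    """Return sorted (relative path, mode, reasons) for executables a non-owner could swap.

    Two conditions mirror the lab scenario: the executable itself is writable
    by group/others, or its directory is writable by group/others without the
    sticky bit, which lets anyone delete it and re-create a same-named file.
    """
    findings = []
    for dirpath, _dirs, filenames in os.walk(root):
        dmode = os.lstat(dirpath).st_mode
        dir_open = _others_can_write(dmode) and not (dmode & stat.S_ISVTX)
        for name in filenames:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode
            if not stat.S_ISREG(mode):
                continue                      # skip symlinks, devices, ...
            if not mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH):
                continue                      # only files that will be executed matter here
            reasons = []
            if _others_can_write(mode):
                reasons.append("file writable by group/others")
            if dir_open:
                reasons.append("directory writable by group/others")
            if reasons:
                rel = os.path.relpath(path, root).replace(os.sep, "/")
                findings.append((rel, oct(mode & 0o7777), reasons))
    return sorted(findings)

def build_demo_tree():
    """Constructed sample install: one correct ACL and two 'forgot to deny write' ACLs."""
    root = tempfile.mkdtemp(prefix="acl-demo-")
    layout = {                                # dir name: (dir mode, exe mode)
        "matlab-ok":      (0o755, 0o755),     # admin did it right
        "matlab-bad":     (0o755, 0o777),     # executable itself writable by everyone
        "matlab-opendir": (0o777, 0o755),     # directory lets anyone replace the file
    }
    for dirname, (dmode, fmode) in layout.items():
        d = os.path.join(root, dirname)
        os.mkdir(d)
        exe = os.path.join(d, "matlab")
        with open(exe, "w") as f:
            f.write("#!/bin/sh\necho matlab\n")
        os.chmod(exe, fmode)
        os.chmod(d, dmode)
    prefs = os.path.join(root, "matlab-ok", "prefs.txt")  # writable data, not executable
    open(prefs, "w").close()
    os.chmod(prefs, 0o666)
    return root

if __name__ == "__main__":
    for rel, mode, reasons in find_replaceable_executables(build_demo_tree()):
        print(rel, mode, "; ".join(reasons))
```

Point find_replaceable_executables at a real install prefix to audit it; the Windows equivalent checks the same thing in the security descriptor (write or modify granted to Users or Everyone).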
Finally Fast the Scam?
This commercial rocked my world: https://www.youtube.com/watch?v=atd8dowrbNI&feature=player_embedded
So apparently these malware detection programs have finally begun to advertise on TV in addition to their traditional annoying <$!!@$$>! pop-up ad campaign. Anyway, everything this program does can be done by another program that is free. Just search for "Finally Fast scam" in Google or Live. The blog posts in the results contain hundreds of free alternatives.
NOTE: I did not go into the security concerns related to this product because #1 it's too much typing and #2 it should be pretty obvious from that ad.
First Post/Introduction
I am a 20-something software engineer working within the security group here at Microsoft. Things I work on include: Threat Modeling Tool, attack surface analysis, COM, ActiveX, binary analysis, and some fuzzing thrown in there. I will post articles regarding security, Microsoft, and most importantly, myself.
Google "Office" Taking Over Microsoft Office
Nothing could stop Google from taking over Microsoft Office except these 5 items:
1. The amount of sheer work involved. Microsoft Office has been in development for well over a decade now. Even just cloning it would take a huge amount of labor and financial investment. And then add on top of that, making it actually better than what Microsoft has would take even more time, planning, strategizing, and investment. Google is big, but they bought so many companies and have so many projects going I question whether they would have the manpower for such an investment.
2. Infrastructure is stopping Google. Animations, eye candy, processing power... all of those are subpar when you are talking about the Internet. Yes, you have Flash which looks good, but the downloading of the swf files embedded in the pages can be quite slow, and it would get even slower if lots of people started using it (unless Google made some more monstrous server farms, and that would be another huge economic investment). Some things are simply resource intensive enough that they are just better done on the desktop. (And yes, word processing seems simple, but when you start packing in lots and lots of features, animations, etc, you generate a large memory and resource footprint.)
3. Security is stopping Google. Corporations are not going to start editing their sensitive files over the Internet. They aren't going to transmit that data all over the web, and they aren't going to store it on Google's servers. They just won't, regardless of whether encryption is used. It will be viewed as too big a risk. Although leaving it on your desktop is only marginally safer :)
4. Entrenchment is stopping Google. Microsoft Office is entrenched. I'm not just talking about users being comfortable and used to it (and therefore not wanting to change), I'm talking about being entrenched corporately. Most corporations have built innumerable applications that integrate and work with office, and you can't just rip out one suite and replace it with another without causing the majority of enterprise processes and applications to break. Very few corporations are going to be willing to switch unless Google somehow comes up with some undeniable, overwhelming reason that they must use the Google product. And I can't think of any scenario that would fit that bill (this very issue, btw, is why Open Office is not, and probably never will be, adopted at the corporate level).
5. Lack of financial gain is therefore stopping Google. Unless Google can think of ways to overcome all of these issues, they are not going to recoup their investment (and make no mistake, developing an Internet Office application that is better than MS Office is an incredibly large investment). There are many other areas less dominated by competitors where the pickings are easier and the return on investment is higher. They may make simple spreadsheet apps that may drive a few private users to their site (and generate some advertising dollars from the extra traffic), but truly trying to take dominance from Microsoft in the Office arena simply isn't going to be in their game plan. It just isn't worth it.
My 2 cents.
Installing .Net 3.5.1 on Windows 2008 R2
Sometimes when you try to install .NET 3.5 on Windows 2008 R2, you get this error message:
You must use the Role Management Tool to install or configure Microsoft .NET Framework 3.5 SP1.
To get around this, right-click on Computer and select Manage. Select the Server Feature node and add a new feature. The first one on the list should be .NET 3.5 Features. Install that and voila.