Archive

Archive for the ‘Programming’ Category

Packing code within code – a HTA exercise in string manipulation

February 16, 2010 Leave a comment

I was working on a HTA tool this week, and to make things easier I wanted to encapsulate another HTA within it – really I just didn’t want to have to send two files to the user, I wanted everything in one, and rather than take the obvious approach of putting them both into a self-extracting zip, I decided to work out how to include the code of File B in File A.

Note – you can find the test files for this article on my companion site, CTOGoneWild

Pretty easy stuff I thought, just split B up into a string, and include a simple routine to write it out to the temp directory

    1 : Dim s : s="Some text to output to a file" &_
    2 :   " which is more than one line and go" &_
    4 :   "es on a bit."
    6 : Dim fso: Set fso = CreateObject("Scripting.filesystemobject")
    8 : fso.createtextfile("test.txt").write s

Read more…

Categories: Programming Tags: , ,

Tools and Utils – Latest Versions

January 1, 2010 Leave a comment

This page is mostly machine readable by my various tools and utilities so they know when to tell you there’s a new version.
But, if you find it interesting, well, all the better.

START: ProductVersionList
Livelog|1.50|10th Feb, 2010|http://wp.me/pyGw9-cd| Asynchronous update notifications
EEPCFSExplorer|1.09|10th Feb 2010|http://mcafee-int.hosted.jivesoftware.com/docs/DOC-1123|Changes to add menus and better error handling\nAsynchronous update notifications
ProductUpdate|9.99|4th Feb, 2010|No URL|Test update text\nwith\na couple of new lines.
EPELogReader|1.12|15th April, 2011|https://simonhunt.wordpress.com/2010/02/17/epe-log-reader-for-mcafee-endpoint-encryption-v6/|Updated to have a built in search for incompatible product messages.
EEFFMigrate|1.01|7th April 2010|http://planet.mcafee.com/docs/DOC-1273|Minor changes to support update notifications
McAf.ee GUI|1.40|19th October 2010|http://mcaf.ee/about|Added ieSpell Support\n\nAdded the ability to enter a block of text, for example if you want to make a tweet and shorten all the links at once\n\nAdded the ability to expand all the links in a block of text
END: ProductVersionList

Categories: Programming

Evil Maid, another nefarious trojan attack..

November 17, 2009 2 comments

Last month Joanna Rutkowska posted a very interesting article showing a practical “Evil Maid” attack against the open-source TrueCrypt FDE product.  The attack is reasonably simple, subvert the pre-boot authentication engine of the full-disk encryption product in question to add a password-sniffing routine, then wait for the unsuspecting user to authenticate to their machine and then retrieve the credentials at a later stage.

Evil Maid is simply hooking the pre-boot code of TrueCrypt and adding a routine to store the users password. Because the TrueCrypt code is quite simple, it’s a relatively easy thing to do, but the attack is theoretically valid regardless of this fact, just the effort to make the hook code increases with the sophistication of the pre-boot environment. Read more…

Hacking Exposed – Son of Scoop.pl

October 6, 2009 Leave a comment

After attending this mornings Hacking Exposed session at McAfee Focus 09, I was inspired to recreate Stuart McClure’s “Scoop.pl” script. I don’t have Python or Pearl installed on my machines, but I do have VBScript, and I do have Primalscript, so it seemed a simple thing to create this useful tool which helps you get the lowdown on what sites are present on a given URL. Read more…

Cold Boot Attacks Revisited (again).

September 16, 2009 2 comments

Following my recent post on FireWire Attacks, I thought I’d follow up on that other classic Full Disk Encryption exploit, The “Cold Boot Attack”.

Back in February 2008 a group of clever Princeton students published their infamous paper “Lest We Remember: Cold Boot Attacks on Encryption Keys“. Though the retention of data in RAM chips has been known since their invention, and certainly since at least 1978, The “Princeton Paper” reminded us that when you turn a computer off, it does not mean all the data from memory is instantly gone, and of course, if something important remained, like an encryption key, then your computer security might be vulnerable. Read more…

Firewire Attacks Revisited

September 14, 2009 4 comments

For those who follow these kinds of things, you’ll remember that back in 2004 an enterprising group of people (Maximilian DornseifMichael Becher, and Christian Klein) gave a series of talks on how to bypass many kinds of computer security using the FireWire ports. This attack, though obvious from reading the specification of the Firewire / i.LINK / IEEE 1394 bus, simply used a computer acting as a “rogue” device to read and modify any memory location on a target PC.

Yes, ANY memory location, and that’s quite supported, even required by the FireWire/iLink specification, which needs direct-memory-access for some devices (like iPODs) to function.

Enterprising people have written attacks that use this “exploit” to get around encryption products, and locked workstations on Mac, Linux and PC.

Read more…