This RSS feed has moved
Precision Computing - Software Design and Development
3y ago
This RSS feed has moved. Please update your reader to point to https://www.leeholmes.com/index.xml …
BinShred – Parsing Arbitrary Binary Data in PowerShell
by Lee Holmes, 3y ago
When working with raw binary data (especially in security forensics), it is common to need to write parsers for it: for example, extracting file contents out of the NTFS data structures on disk. For many common data structures there are already binary parsers written that you can leverage, but you’ll still sometimes need to write your own. BinShred is a PowerShell module that lets you do this. BinShred uses a custom parsing language called a BinShred Template (.bst). Unlike the code-heavy templates used by things like 010 Editor, this grammar (implemented in ANTLR) is d…
Using Bloom Filters to Efficiently Filter Out “Known Good”
by Lee Holmes, 3y ago
There are many times in security investigations where we want to quickly filter out “Known Good” and only focus on what remains. When these are files shipped as part of the operating system, you can use Authenticode and Code Signing to figure this out. But what if this is something more ad-hoc, like the command lines used in Windows Scheduled Tasks? You could possibly store all of this stuff in a database, schematize it, and then figure out a way to query it at scale. Another alternative would be to hash the data (i.e. the hash of the command line) and store that as a data set somewhere. A b…
Resolving Intune error “The sync could not be initiated (0x80190190)”
by Lee Holmes, 3y ago
If you’re running into the following error trying to get a device to sync with Intune:

    The sync could not be initiated (0x80190190)

You probably have checked the Windows Event Log and also seen this error:

    MDM Session: OMA-DM message failed to be sent. Result: (Bad request (400).)

I recently ran into this situation, and the cause was that I had opted into the Windows 10 default of signing in with a Microsoft Account. Under “Access Work or School” in Computer Settings, it showed both my work account and home account. If you try to remove your home account, you might get an unhelpful error…
List of InfoSec Cognitive Biases
by Lee Holmes, 4y ago
The mind is an incredibly complex organ. While all of us attempt to be mostly logical and rational in our day-to-day thought processes and decision making, we are hampered by an enormous number of cognitive biases. Cognitive biases are specific natural tendencies of human thought that often result in irrational decision making, and there are hundreds of them. Everybody has them and is impacted by them – it is only through awareness that you can take steps to counteract them. One of my favourite examples is Loss Aversion. Imagine a game that costs $100 to enter. Most folks wou…
Client IP Address Disclosure in smtp.gmail.com
by Lee Holmes, 4y ago
Summary

When Gmail users send mail from mechanisms other than Google’s web interface (i.e. their phone or laptop’s email program), Gmail includes the user’s IP address in message headers. This information disclosure lets recipients of these messages perform some privacy-invasive actions, such as:

- Approximate geographical location of the sender
- Correlation of separate Gmail addresses sent by the same sender
- Broadband and / or cellphone provider

Users looking to send email in a manner that keeps this information private from message recipients should use either Gmail’s web interface or…
Searching for Content in Base-64 Strings
by Lee Holmes, 4y ago
You might have run into situations in the past where you’re looking for some specific text or binary sequence, but that content is encoded with Base-64. Base-64 is an incredibly common encoding format in malware and all kinds of binary obfuscation tools alike. The basic idea behind Base-64 is that it takes arbitrary binary data and encodes it into 64 (naturally) ASCII characters that can be transmitted safely over any normal transmission channel. Wikipedia goes into the full details here: https://en.wikipedia.org/wiki/Base64. Some tooling supports decoding of Base-64 automatically, but that r…
Searching for Content in XOR “Encrypted” Data
by Lee Holmes, 4y ago
A while back, we talked about a common challenge in the security industry – searching for some known bad content (i.e. “Invoke-WebRequest”) in content that you know has been encoded in base64. In a really cool bout of co-discovery, others simultaneously wrote similar implementations. Since then, this approach is now in the process of being integrated into YARA. Very cool times! Another situation you might have run across is malware authors “encrypting” their content with a static XOR key – a process I like to call “encraption”. One of the neat things about XOR encraption is that you use a sin…
Star Trek TOS Science, Engineering, Command Embroidery Patterns
by Lee Holmes, 4y ago
If you’re looking to get one of the Star Trek TOS patches (Science, Engineering, or Command) embroidered on something, they often charge a lot of money to convert the logo to the format that embroidery machines understand. Here are versions I created in the Brother PES format, as well as in the native format I created them in (EmbroideryWare STICH).

Command - [Brother PES] [EmbroideryWare STICH]
Science - [Brother PES] [EmbroideryWare STICH]
Engineering - [Brother PES] [EmbroideryWare STICH…
Dragon Ball Z Logo Embroidery Pattern
by Lee Holmes, 4y ago
If you’re looking to get the Dragon Ball Z logo embroidered on something, they often charge a lot of money to convert the logo to the format that embroidery machines understand. Here’s a version I created in the Brother PES format, as well as in the native format I created it in (EmbroideryWare STICH).

[Brother PES] [EmbroideryWare STICH…