Friday, September 29, 2017

"Illusion Gap" Malware Attack Bypasses Windows Defender Scans on Shared Folders Server

A new malware dubbed "Illusion Gap" exploits a design choice in how Windows Defender scans files stored on an Shared Folders (SMB) Server before execution.

In many offices, this is your local area network (LAN) drive, a dated term. The modern term is called Network-attached storage (NAS).

For Illusion Gap to work, the attacker must convince a user to execute a file hosted on a malicious SMB server under his control. This is not as complex as it sounds, as a simple shortcut file is all that's needed.

How Illusion Gap works

The problems occur after the user double-clicks this malicious file. By default, Windows will request from the SMB server a copy of the file for the task of creating the process that executes the file, while Windows Defender will request a copy of the file in order to scan it.

SMB servers can distinguish between these two requests, and this is a problem because an attacker can configure their malicious SMB server to respond with two different files.

The attacker can send a malicious file to the Windows PE Loader, and a benign file to Windows Defender. After Windows Defender scans the clean file and gives the go-ahead, Windows PE Loader will execute the malicious file without Windows Defender realizing they're two different things.
















From https://www.cyberark.com/threat-research-blog/illusion-gap-antivirus-bypass-part-1/

Thursday, September 28, 2017

What is the average size of office and pdf documents?

Microsoft Enterprise Search conducted a survey in 2012 asking compiling statistics from 100 different data sources spread across tens of millions of searchable items, to answer this question. What is the average size of a typical office document.  I could not find a more recent analysis. 
Here are the results:
  • The average size of an office document is 3210 kB * 10 for year 2020.
  • Most web content is smaller than 2000kB * 10 for year 2020.
  • PowerPoint (4442kb) and PDF (3625kb) consume the most space
  • Word documents are most frequent

    WinDirStat - Windows Directory Statistics calculate your own stats by file extension!
Src: Microsoft Enterprise Search / SharePoint content, 100 different data sources spread across tens of millions of searchable items




























Here's some SAN disk sizing if you have some data to back-up. For example you know that:
  •  306 GB for  1 million documents 
  • 2.98 TB for 10 million documents
  • 5.96 TB for 20 million docs
  • 8.94 TB for 30 M docs
  • 14.9 TB for 50 M docs.

    reduce/divide by 10 for 2020.


I have made request to both Bing and Google for an update. Can anyone can help?

Wednesday, September 27, 2017

Mac OS Keychain Hack retrieve all passwords in plaintext

macOS High Sierra 10.13 was released to the public on Monday, September 25. It is a free update for all compatible Macs and is an upgrade to macOS 10.12 Sierra,

But within a matter of days, a zero-day (aka never seen before) has come to light. 

Passwords are stored in the Mac's Keychain, which typically requires a master login password to access the vault.


But a former NSA contractor has shown that the vulnerability allows an attacker to grab and steal every password in plain-text using an unsigned app downloaded from the internet, without needing that password.

The exploit works on High Sierra , but said that older versions of macOS and OS X are also vulnerable.

Patrick Wardle, a former NSA hacker who now serves as chief security researcher at Synack, posted a video of the hack -- a password exfiltration exploit -- in action.


Steal y0 (macOS) Keychain from patrick wardle on Vimeo.

Monday, September 25, 2017

Essential Gmail Productivity Keyboard Shortcuts

Turn on keyboard shortcuts

Some keyboard shortcuts only work if you've turned them on.
Note: Keyboard shortcuts aren't supported on all keyboards.
  1. Open Gmail.
  2. In the top right, click Settings Settings.
  3. Click Settings.
  4. Scroll down to the "Keyboard shortcuts" section.
  5. Select Keyboard shortcuts on.
  6. At the bottom of the page, click Save Changes.

Move Carrot or Selector Bar in Gmail

move carrot up |Up Arrow
move carrot down |
Down Arrow
Select conversationx
Unselect conversation (toggle)x


Typical actions in Gmail. 

ActionShortcut
Move focus to toolbar,
Select conversationx
Toggle star/rotate among superstarss
Archivee
Mute conversationm
Report as spam!
Delete#
Replyr
Reply in a new windowShift + r
Reply alla
Reply all in a new windowShift + a
Forwardf
Forward in a new windowShift + f
Update conversationShift + n
Archive conversation and go previous/next] or [
Undo last actionz
Mark as readShift + i
Mark as unreadShift + u
Mark unread from the selected message_
Mark as importantor =
Mark as not important-
Expand entire conversation;
Collapse entire conversation:
Add conversation to TasksShift + t


Thread Selection in Gmail
ActionShortcut
Select all conversations+ a
Deselect all conversations+ n
Select read conversations+ r
Select unread conversations+ u
Select starred conversations+ s
Select unstarred conversations+ t

Sunday, September 24, 2017

Using C# Action for Human Readable TimeSpan with variable length formatting

Here's a great modern way to format a human readable TimeStamp using Action, leaving out zero parts.

New: C# Human Readable Ticks with microsecond and nanosecond units



 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
/// <summary>
/// Human readable timespan with var length formatting
/// </summary>
/// <param name="milliseconds">a long type</param>
/// <returns>Human readable timespan string</returns>
public static string HumanReadableTimeSpan(long milliseconds)
{
    if (milliseconds == 0) return "0 ms"; 

    var parts = new List<string>();

    Action<int, string, int> addActionToList = 
    (val, displayunit, zeroplaces) => 
    {if (val > 0) 
        parts.Add(
            string.Format(
                "{0:DZ}X".Replace("X", displayunit)
                .Replace("Z",zeroplaces.ToString())        
                , val
            ); 
    };
   
    var t = TimeSpan.FromMilliseconds(milliseconds);

    //addActionToList(timespan property, readable display displayunit, number of 0 placeholders) //Sun 24-Sep-17 8:30pm metadataconsulting.ca - Star Trek Disco
    addActionToList(t.Days, "d",  1);
    addActionToList(t.Hours, "h", 1);
    addActionToList(t.Minutes, "m", 1);
    addActionToList(t.Seconds, "s", 1);
    addActionToList(t.Milliseconds, "ms", 4);
   
    return string.Join(" ", parts);
}


This outputs for example 

2m 17s 0123ms

Action series of delegates are pointers to methods which take zero, one or more input parameters, and do not return anything. Formally it looks complicated but its not. 
public delegate void Action<in T>(
 T obj
)

The Actions point to anonymous functions. These functions cannot return values onto the evaluation stack. An Action instance can receive parameters, but cannot return values.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
// Example of Action instances
// ... First example uses no parameter.
// ... Second example uses one parameter.
// ... Third example uses two parameters.
            
Action           example3 = ()      => Console.WriteLine("No param, called.");
Action<int>      example1 = (int x) => Console.WriteLine("Write {0}", x);
Action<int, int> example2 = (x, y)  => Console.WriteLine("Write {0} and {1}", x, y);
                        
// Calling the anonymous methods
example3.Invoke(); 
example1.Invoke(1);  
example2.Invoke(2, 3);            

More reading 
https://social.technet.microsoft.com/wiki/contents/articles/22418.c-action-func-tresult-and-predicate-t-delegate.aspx

New - Run Code Live without leaving this page!

Friday, September 22, 2017

ASP.NET Data Tutorial 35 Parts with updated Visual Studio 2010 C# project

ASP.NET Data Tutorial - 3-tier Architecture in ASP.NET 2.0 -Classic Example


The is a very old but classic ASP.NET 2.0 Data Tutorial (2006) introduced a 3-tier architecture composed of a Data Access Layer (DAL) using Typed DataSets, a Business Logic Layer (BLL) that enforces custom business rules, and a presentation layer composed, in this case ASP.NET pages. This very detailed tutorial with 35 chapters still holds up and is a great historical reference, and is here for record. It is the foundation for modern architectures using Object/Relational Mapping (O/RM) such as Entity Framework.  Here's an intro Getting Started with Entity Framework 6 Code First using MVC 5

Some links are now beginning to disappear. Mainly, all the code files such as ASPNET_Data_Tutorial_1_CS.exe, ASPNET_Data_Tutorial_2_CS.exe, etc are unavailable to download.

Below is a download of all original code and PDF of all the chapters for your convenience.



Tutorial 2 : The BLL Separates the Presentation Layer from the Data Access Layer and Imposes Business Rules - 3ish Tier Architecture

Here is a diagram of a full blown modern n-tier approach applied to an ASP.NET MVC application using Entity Framework:




Back to ASP.NET 2.0 example here's  the presentation layer with it's classy sophisticated design :)


Tutorial 4 : The FormView Must Include an ItemTemplate
































Download Chapters 1-35  in a single PDF ASPNET_Data_Tutorial_PDF_ALL_Chapters.PDF.


Download the ASPNET_Data_Tutorial_1_CS.exe sample code. Rolled-up into 35.
Download the ASPNET_Data_Tutorial_2_CS.exe sample code. Rolled-up into 35.
Download the ASPNET_Data_Tutorial_3_CS.exe sample code. Rolled-up into 35.
Download the ASPNET_Data_Tutorial_4_CS.exe sample code. Rolled-up into 35.
Download the ASPNET_Data_Tutorial_5_CS.exe sample code. Rolled-up into 35.
Download the ASPNET_Data_Tutorial_6_CS.exe sample code. Rolled-up into 35.
Download the ASPNET_Data_Tutorial_7_CS.exe sample code. Rolled-up into 35.
Download the ASPNET_Data_Tutorial_8_CS.exe sample code. Rolled-up into 35.
Download the ASPNET_Data_Tutorial_9_CS.exe sample code. Rolled-up into 35.
Download the ASPNET_Data_Tutorial_10_CS.exe sample code. Rolled-up into 35.
Download the ASPNET_Data_Tutorial_11_CS.exe sample code. Rolled-up into 35.
Download the ASPNET_Data_Tutorial_12_CS.exe sample code. Rolled-up into 35.
Download the ASPNET_Data_Tutorial_13_CS.exe sample code. Rolled-up into 35.
Download the ASPNET_Data_Tutorial_14_CS.exe sample code. Rolled-up into 35.
Download the ASPNET_Data_Tutorial_15_CS.exe sample code. Rolled-up into 35.
Download the ASPNET_Data_Tutorial_16_CS.exe sample code. Rolled-up into 35.
Download the ASPNET_Data_Tutorial_17_CS.exe sample code. Rolled-up into 35.
Download the ASPNET_Data_Tutorial_18_CS.exe sample code. Rolled-up into 35.
Download the ASPNET_Data_Tutorial_19_CS.exe sample code. Rolled-up into 35.
Download the ASPNET_Data_Tutorial_20_CS.exe sample code. Rolled-up into 35.
Download the ASPNET_Data_Tutorial_21_CS.exe sample code. Rolled-up into 35.
Download the ASPNET_Data_Tutorial_22_CS.exe sample code. Rolled-up into 35.
Download the ASPNET_Data_Tutorial_23_CS.exe sample code. Rolled-up into 35.
Download the ASPNET_Data_Tutorial_24_CS.exe sample code. Rolled-up into 35.
Download the ASPNET_Data_Tutorial_25_CS.exe sample code. Rolled-up into 35.
Download the ASPNET_Data_Tutorial_26_CS.exe sample code. Rolled-up into 35.
Download the ASPNET_Data_Tutorial_27_CS.exe sample code. Rolled-up into 35.
Download the ASPNET_Data_Tutorial_28_CS.exe sample code. Rolled-up into 35.
Download the ASPNET_Data_Tutorial_29_CS.exe sample code. Rolled-up into 35.
Download the ASPNET_Data_Tutorial_30_CS.exe sample code. Rolled-up into 35.
Download the ASPNET_Data_Tutorial_31_CS.exe sample code. Rolled-up into 35.
Download the ASPNET_Data_Tutorial_32_CS.exe sample code. Rolled-up into 35.
Download the ASPNET_Data_Tutorial_33_CS.exe sample code. Rolled-up into 35.
Download the ASPNET_Data_Tutorial_34_CS.exe sample code. Rolled-up into 35.

Download the ASPNET_Data_Tutorial_35_CS.exe* sample code. 

*Downloads ASPNET_Data_Tutorial_35_CS_VS2010_Working.zip, which is original code wrapped in a Visual Studio 2010 Project and original code working with SQL Server 2012 Developer Edition (a minor connection string change). Zip is safer that self-extracting exe.

Thursday, September 21, 2017

.NET Conf 2017 Beginner Day 3 Free Microsoft Training

Today is beginner day for Microsoft .NET Conf 2017. Free training for .NET Fundamentals (Track 1) and Mobile/Web (Track 2) with code samples available live on https://channel9.msdn.com/ from 9PM-5PM PDT. 


Wednesday, September 20, 2017

CCleaner malware affected 2 Billion users, use alternative BleachBit instead




Now this is an ironic, Avast anti-virus company distributed the infected CCleaner.
CCleaner (short for Crap Cleaner) is a popular utility tool , which promises to clean up your system for enhanced performance, was hacked to distribute malware directly to its users, Cisco Talos reports.

For a period of time, the legitimate signed version of CCleaner 5.33 being distributed by Avast also contained a multi-stage malware payload that rode on top of the installation of CCleaner

CCleaner boasted over 2 billion total downloads by November of 2016 with a growth rate of 5 million additional users per week. Given the potential damage that could be caused by a network of infected computers even a tiny fraction of this size we decided to move quickly. On September 13, 2017 Cisco Talos immediately notified Avast of our findings so that they could initiate appropriate response activities. The following sections will discuss the specific details regarding this attack.


Full details from Talos http://blog.talosintelligence.com/2017/09/avast-distributes-malware.html

Alternative


A great and free alternative is BleachBit a new open-source privacy cleaner tool. 

Download open source BleachBit at 
https://www.bleachbit.org/download/windows - choose portable unzip and run


Use 

I wrote a blog post on how to clean re-spawning Adobe cookies using BleachBit.
How to Delete Google Chrome Adobe Flash Cookies (.sol files) - Respawning Cookies

Tuesday, September 19, 2017

.NET 2.0 Standard is out, check out portability across all .NETs

.NET Portability Analyzer


The .NET Portability Analyzer helps you determine how flexible your application is across .NET platforms for .NET Standard 2.0 compatibility.

Get it here
https://marketplace.visualstudio.com/items?itemName=ConnieYau.NETPortabilityAnalyzer


.NET implementation support

The following table lists all versions of .NET Standard and the platforms supported:

.NET Standard1.01.11.21.31.41.51.62.0
.NET Core1.01.01.01.01.01.01.02.0
.NET Framework (with .NET Core 1.x SDK)4.54.54.5.14.64.6.14.6.2
.NET Framework (with .NET Core 2.0 SDK)4.54.54.5.14.64.6.14.6.14.6.14.6.1
Mono4.64.64.64.64.64.64.65.4
Xamarin.iOS10.010.010.010.010.010.010.010.14
Xamarin.Mac3.03.03.03.03.03.03.03.8
Xamarin.Android7.07.07.07.07.07.07.08.0
Universal Windows Platform10.010.010.010.010.0vNextvNextvNext
Windows8.08.08.1
Windows Phone8.18.18.1
Windows Phone Silverlight8.0