Friday, February 26, 2021

Microsoft has released CodeQL with sample queries to sniff out malware

Microsoft open sources CodeQL queries used to hunt for Solorigate activity - Microsoft Security

Based on LGTM, a continuous security analysis open-source solution, Microsoft has created CodeQL with sample queries to sniff out malware.

CodeQL is a powerful semantic code analysis engine that is now part of GitHub. Unlike many analysis solutions, it works in two distinct stages. First, as part of the compilation of source code into binaries, CodeQL builds a database that captures the model of the compiling code. For interpreted languages, it parses the source and builds its own abstract syntax tree model, as there is no compiler. Second, once constructed, this database can be queried repeatedly like any other database. The CodeQL language is purpose-built to enable the easy selection of complex code conditions from the database.

I posted the following question: 

How would you list methods not in a try-catch clause?

var fi2 = new FileInfo(path2);

How to list methods not wrapped in a using statement?

StreamWriter sw = new StreamWriter("hello.txt");

Answer

I'm assuming this is in C#. Something like this should work to find method calls not lexically contained by a try-catch.

import csharp

predicate inTryCatch(MethodCall mc) {
  exists(TryStmt ts | ts = mc.getParent*())
    or exists(CatchClause cc | cc = mc.getParent*())
}

from MethodCall mc
where not inTryCatch(mc)
select mc

Of course, this only finds method calls lexically enclosed. Are you looking for method calls that are part of a data flow that is not in a try-catch block? For that you will need to use data-flow analysis.


Thursday, February 25, 2021

The most important URL for a .NET developer

Get source implementation code for the entire .NET Framework! See how the experts code at Microsoft. 

The URL below is the base code for the Array implementation in the .NET Framework.

https://referencesource.microsoft.com/#mscorlib/system/array.cs,42e9b7616956cf94


I wrote this post because I keep on forgetting about this resource. You can download all documentation starting from Framework 4.5.1. 

Thursday, February 18, 2021

Home Depot phishing email with subject Re: Open Immediately

For the record, this is a Home Depot phishing email attempt that has recently been going around, with the subject "Re: Open Immediately".

What to do? Report them; go to the bottom of the page.


From : Home Depot Survey <infogxxxxxxxxxxxxxx@xxxxxxxxxxxxgmail.mcsv.net>
Subject : Re: Open Immediately


CONGRATULTIONS, You've Been Chosen - Confirm Now !!





PHISHING LINKS:

1. https://justurl.in/pKMGea expands to http://1365abd.net/r.php?xxxx

How to tell this is a phishing email?

  1. Check the email address in full; if it's not from the originating company, then it's phishing.
  2. Hover over all links in the email; if they don't point to the company's website, then forget it.
  3. The best way is to 

How to examine the email message source?

Now let's look at the message source:
  1. Outlook.com->Actions->View Message Source. 
  2. Gmail.com->More (down arrow to top right)->Show original.
Check for suspicious links, anything that does not originate from apple.com.
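
The sender and link checks above can be run directly against a saved message source. This is an added example, not part of the original post: the sample message is constructed, every host in it is a placeholder, and using homedepot.com as the expected company domain is an assumption.

```python
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed sample modelled on the message above; all hosts are placeholders.
RAW = """\
From: Home Depot Survey <info@bulk-mailer.example.net>
To: reader@example.org
Subject: Re: Open Immediately
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>You've Been Chosen - Confirm Now !!</p>
<a href="https://short.example/pK1">https://www.homedepot.com/survey</a>
<a href="https://www.homedepot.com/privacy">Privacy</a>
</body></html>
"""

def host_matches(host, domain):
    """True if host is the domain itself or a subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def check_message(raw, expected_domain):
    """Return (kind, host) findings for the sender and link checks."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    # Check 1: the full sender address, not the display name.
    _display, addr = parseaddr(str(msg.get("From", "")))
    sender_host = addr.rpartition("@")[2].lower()
    if not host_matches(sender_host, expected_domain):
        findings.append(("sender", sender_host))
    # Check 2: where each link really goes (href), not the text shown.
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    for href in re.findall(r'href\s*=\s*["\']([^"\']+)', text, flags=re.I):
        host = urlsplit(href).hostname
        if not host_matches(host, expected_domain):
            findings.append(("link", host))
    return findings

if __name__ == "__main__":
    for kind, host in check_message(RAW, "homedepot.com"):
        print(f"suspicious {kind}: {host}")
```

A From header can be forged, so a matching sender domain does not prove the message is genuine; the check only catches mismatches.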


Report Phishing Email (not as Spam)

  1. Outlook.com->Junk (at Top)->Phishing Scam
  2. Gmail.com->More (down-arrow to top right)->Report Phishing 

Report Phishing

If you have received this email take further 

  1. https://www.google.com/safebrowsing/report_phish/


Report phishing at Microsoft and government agencies

  1. http://www.microsoft.com/security/online-privacy/phishing-faq.aspx