Original report
| """ | |
| summary: drawing custom graphs | |
| description: | |
| Showing custom graphs, using `ida_graph.GraphViewer`. In addition, | |
| show how to write actions that can be performed on those. | |
| keywords: graph, actions | |
| """ | |
| from __future__ import print_function | |
| # ----------------------------------------------------------------------- |
| /* | |
| VEH misuse detector for Microsoft Windows | |
| Released as open source by NCC Group Plc - http://www.nccgroup.com/ | |
| Developed by Ollie Whitehouse, ollie dot whitehouse at nccgroup dot com | |
| Released under AGPL see LICENSE for more information | |
| */ |
| *Purpose | |
| - UI Accessibility Checker | |
| - Verifies UI accessibility requirements | |
| *LOLBIN Functionality/Steps | |
| 1) Go to "Custom Verification Routines" link in reference section and copy the sample verification C# code into Visual Studio. | |
| 2) Add proper assembly references (e.g. AccCheck.dll) | |
| 3) Insert your C# code under a target method such as Execute() | |
| 4) Compile to a .NET managed library (DLL) | |
| 5) Invoke the code |
In the default configuration of Active Directory, it is possible to remotely take over Workstations (Windows 7/10/11) and possibly servers (if Desktop Experience is installed) when their WebClient service is running. This is accomplished in short by;
The caveat to this is that the WebClient service does not automatically start at boot. However, if the WebClient service has been triggered to start on a workstation (for example, via some SharePoint interactions), you can remotely take over that system. In addition, there are several ways to coerce the WebClient service to start remotely which I cover in a section below.
| // Alloc2Test.cpp : This file contains the 'main' function. Program execution begins and ends there. | |
| // | |
| #include <iostream> | |
| #include <Windows.h> | |
| #include <string> | |
| #include <assert.h> | |
| static inline char* AlignUpwards(const char* stack, size_t align) { |
| SHA256,Name,Signer,Description | |
| 04A85E359525D662338CAE86C1E59B1D7AA9BD12B920E8067503723DC1E03162,ADV64DRV.sys,"""FUJITSU LIMITED """, | |
| 05F052C64D192CF69A462A5EC16DDA0D43CA5D0245900C9FCB9201685A2E7748,Agent64.sys,"""eSupport.com, Inc.""",DriverAgent Direct I/O for 64-bit Windows | |
| 4045AE77859B1DBF13972451972EAAF6F3C97BEA423E9E78F1C2F14330CD47CA,Agent64.sys,Phoenix Technologies Ltd,DriverAgent Direct I/O for 64-bit Windows | |
| 6948480954137987A0BE626C24CF594390960242CD75F094CD6AAA5C2E7A54FA,Agent64.sys,Phoenix Technologies Ltd,DriverAgent Direct I/O for 64-bit Windows | |
| 8CB62C5D41148DE416014F80BD1FD033FD4D2BD504CB05B90EEB6992A382D58F,Agent64.sys,"""eSupport.com, Inc""",DriverAgent Direct I/O for 64-bit Windows | |
| B1D96233235A62DBB21B8DBE2D1AE333199669F67664B107BFF1AD49B41D9414,Agent64.sys,"""eSupport.com, Inc.""",DriverAgent Direct I/O for 64-bit Windows | |
| 7196187FB1EF8D108B380D37B2AF8EFDEB3CA1F6EEFD37B5DC114C609147216D,ALSysIO64.sys,Artur Liberman,ALSysIO | |
| 7F375639A0DF7FE51E5518CF87C3F513C55BC117DB47D28DA8C615642EB18BFA,ALSys |
A while ago I watched a very interesting DEF CON talk called "Repsych: Psychological Warfare in Reverse Engineering" by Chris Domas. In his talk Chris talked about how one could fool and or piss off reverse engineers with some little tricks. This got me thinking what can I do in .net to piss off and or fool reverse engineers. After reading about homoglyphs I had a fun little idea.
Homoglyphs are characters that look the same but are actually from different alphabets. For our obfuscation concept, we will abuse the fact that there are unicode characters that look just like normal latin letters.
So since the homoglyph characters look just like latin characters, we can use them to have to identical looking names that are actually different. For example we could replace the character M in the name <Module> with an M from a different alphabet.
| #include <assert.h> | |
| #include <chrono> | |
| #include <embedder.h> | |
| #include <glfw3.h> | |
| #include <iostream> | |
| static_assert(FLUTTER_ENGINE_VERSION == 1, ""); | |
| static const size_t kInitialWindowWidth = 800; |
