Derek Martin justaguywhocodes

https://derek-site-2026-6g03r9taz-derek-martins-projects.vercel.app/about/
MSB-04: Atypical File — .csproj with Inline Task from Legitimate-Looking Path
Objective:
Determine whether the detection signal can identify a malicious .csproj containing an inline C# task even
when the file resides in a directory that mimics a normal development workspace (complete with a .sln file).
This tests content-based detection rather than path-based heuristics. MSB-01 through MSB-03 already
validate detection from suspicious locations (C:\Temp). This test flips the scenario — the path looks
legitimate, but the content is malicious.
Steps:
1. Create a realistic project directory: mkdir C:\Source\MyProject\src
using Microsoft.Build.Framework;
using System;
using System.IO;
// Benign test logger — writes to a temp file to prove execution
// Implements ILogger which MSBuild loads via /logger: switch
public class TestLogger : ILogger
{
public LoggerVerbosity Verbosity { get; set; }
public string Parameters { get; set; }
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<Target Name="TestTarget">
<TestTask />
</Target>
<UsingTask
TaskName="TestTask"
TaskFactory="CodeTaskFactory"
AssemblyFile="C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Build.Tasks.v4.0.dll">
<Task>
<Code Type="Fragment" Language="cs">
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<Target Name="TestTarget">
<TestTask />
</Target>
<UsingTask
TaskName="TestTask"
TaskFactory="CodeTaskFactory"
AssemblyFile="C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Build.Tasks.v4.0.dll">
<Task>
<Using Namespace="System.IO" />
# MSBuild.exe Detection Signal — Purple Team Testing Plan
**Classification:** Internal — PCSIRT / Red Team Use Only
**Author:** Red Team Operations
**Date:** February 2026
**Version:** 1.0
-----
## 1. Objective
Fellow Toastmasters, distinguished guests, and friends—good [morning/afternoon/evening]! As your President, it's my honor to welcome you to this week's meeting. Today, we gather under the inspiring theme of Black Heritage Appreciation—a celebration of the rich tapestry of history, culture, and resilience that has shaped our world.
Black heritage is more than a chapter in history books; it's a living legacy of triumph over adversity. Think of trailblazers like Dr. Martin Luther King Jr., whose eloquent words ignited a movement for equality, or Madam C.J. Walker, the first self-made female millionaire in America, who built an empire from innovation and determination. From the rhythms of jazz born in New Orleans to the groundbreaking achievements of scientists like Katherine Johnson, whose calculations propelled us to the moon—Black contributions have enriched every facet of society.
In Toastmasters, we value communication and leadership, qualities exemplified by icons like Frederick Douglass, who escaped slavery
Canada does impose a "departure tax" on individuals who permanently emigrate and cease to be tax residents. This is not a flat fee but rather a capital gains tax triggered by a "deemed disposition" of assets under the Income Tax Act. It's designed to tax unrealized gains that accrued while you were a Canadian resident. Here's a breakdown of how it works, based on current rules as of 2026.
When It Applies
The departure tax kicks in when you become a non-resident of Canada for tax purposes. This typically happens if you sever residential ties (e.g., sell your home, move family abroad, spend less than 183 days in Canada annually, and establish residency elsewhere).
It's applied in the year you emigrate, on the date you cease residency.
Canada taxes your worldwide income up to the departure date as a resident, and only Canadian-sourced income afterward as a non-resident.
If you return to Canada within five years, you may be able to unwind some effects, but that's case-specific.
Assets Affected and Exceptions
Dee
# Retrieve Token-Signing Certificate
$signingCert = Get-AdfsCertificate -CertificateType "Token-Signing"
Export-PfxCertificate -Cert $signingCert.Certificate -FilePath "C:\temp\ADFS_Signing.pfx" -Password (ConvertTo-SecureString -String "YourSecurePassword!" -Force -AsPlainText)
# Retrieve Token-Decrypting Certificate
$decryptingCert = Get-AdfsCertificate -CertificateType "Token-Decrypting"
Export-PfxCertificate -Cert $decryptingCert.Certificate -FilePath "C:\temp\ADFS_Decrypting.pfx" -Password (ConvertTo-SecureString -String "YourSecurePassword!" -Force -AsPlainText)