In this blog post, we are gonna take a look at the mysterious “/P” flag of svchost.exe. TL;DR: P flag enforces different policies: DynamicCodePolicy, BinarySignaturePolicy and ExtensionPolicy.
So first of all, what is svchost.exe? Following Wikipedia “svchost.exe (Service Host, or SvcHost) is a system process that can host from one to many Windows services in the Windows NT family of operating systems“. It’s basically the loader of your different services.
Before diving into svchost with Cutter (or your favorite disassembler/decompiler), it’s good to have the PDB of executable beforehand. PDB is short for “Program DataBase” and is storing the debug information of an executable. You can have it with PDBDownloader.exe (which you can grab here https://techcommunity.microsoft.com/t5/iis-support-blog/pdb-downloader/ba-p/342969) Microsoft lets you access some of the debug information for its different component so you can debug them with Windbg or import them in IDA which is cool. It’s important to note that you don’t have access to ALL the debug information. Only the symbols that Microsoft made public. Continue reading Exploration of svchost.exe /P flag
Here is a short post after a while about my poor man tomboy port. Explanations: I tried the tomboy-ng version for mac OS and I found it pretty cool BUT… No shortcuts worked when I tried it… So no copy/paste when Cmd+C/V.
So here it is, a glorious tomboy-like in js!
It’s really not perfect at all (gosh, it should lose some weight, that’s insane…) but it’s working for me (and hopefully, for the people who find it :D).
One big lesson from this exercise is: never write a simple text file if you want to have like a lot more of information (like a title, parents, …) (stupid lesson but at first I was like “hey, I need to take notes so just write them to text file and that’s it, no?” => nope. Just nope.).
It was a pretty cool tool to do because I could play a little bit with JS/HTML and electron 🙂
So, find a pet project and work on it! Anything at all, it doesn’t matter! Even if it already exists, you will learn some new stuffs and hopefully, at the end, you will have something which can be useful for you (and even better, for someone else).
Here are some screenshots:
Enjoy and bye!
Let’s talk about creating a continuous integration/continuous deployment with gitlab/gitlab-runner/docker.
If you don’t know what CI/CD is, let me just explain it like that: CI is the part where you will build automatically the changes pushed by the developers and CD is the automated deployment of a software when after a build (for example). It’s maybe not totally accurate or maybe only a part of what CI/CD covers but you can get an idea why I find it cool.
Why Docker? Because it can be reproduced on someone else’s machine and this is helpful if a colleague want to play with that for example and it can be less painful to deploy that infrastructure on a server as well.
Our goal today is deploying a CI/CD infrastructure which will deploy our dockerized application on a docker-machine every time we push a change.
You can find below a schema of the flow and the different actors.
(Yep, not beautiful)
Continue reading Create a CI/CD environment with Docker
For my real first article, I will just enumerate a list of tools which are kind of useful during my day-to-day work.
If you have other equivalent tools that you want to share because you think they’re best, be my guest.
- Visual Studio Code
Yeah, I know. Begin an article with IDE and under it VS Code sounds bad for some people. VS Code is not an IDE but with some plugins, it can more or less be. And it’s kind of good in this domain.
I like to play with new languages and test some stuffs but I don’t want to install thousands of different IDE for different purposes so VS Code suit my needs perfectly!
Using a mac, I can’t use the “basic” tomboy so I tried this “ng”. So, it’s a beta, you can see that but it’s kind of useful thanks to the linking between notes.
In conclusion, not perfect (paste/copy shortcuts don’t work actually, there was a bug when you tried to delete the title, …) but already useful.
- VM Ware Fusion
Unfortunately, not free but I like the interface, the fact that you can have only one window with your different VMs opened, the freaking propositions to open some files from your host in an application inside a VM, …
Not really a VM manager or something like that but God, this thing is neat. You have a shit tons of applications that you can run in a dockerized format (radare2, kali, …), simple to define links between applications, …
- Reverse engineering
- radare2/IDA Freeware: So, lot of discussions around these two. They are both really good (radare2 for scripting/open source/big community around it/… IDA for the nice graph/all the possibility around the types/type recognition/…). So try them both (and work with them more than a week 🙂 ) and always dig into them regularly 🙂
- x32dbg: the successor of ollydbg. Lot of updates, kind of user friendly, …
- sysanalyzer: my go to tool when first launching a malware! Complete, gives you a lot of information regarding the different API calls, the files touched on disk, …
More tools will come in the future (probably).
This is just my first article. Nothing more. You can go away now.