BinPeek – an app to determine if a #Windows executable is managed or unmanaged.

Synopsis

BinPeek is an application that checks whether a Windows executable is managed (.NET) or unmanaged (native). It handles x86 and x64 executables.

Usage

D:\source\repos\BinPeek>binpeek BinPeek.exe
BinPeek.exe --> Unmanaged
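To show what such a check actually inspects, here is an added Python example (not BinPeek's own code): it parses just enough of the PE headers to test the CLR runtime header data directory (slot 14, IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR), which is populated in .NET images and zero in native ones, for both PE32 (x86) and PE32+ (x64) layouts. The fake_pe helper and the RVA it writes are constructed sample input, not real binaries.

```python
import struct

# Data-directory slot of the CLR runtime header (IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR).
COM_DESCRIPTOR_INDEX = 14


def is_managed(data: bytes) -> bool:
    """True if the PE image carries a CLR runtime header (managed), False if native."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ signature")
    pe_offset = struct.unpack_from("<I", data, 0x3C)[0]  # e_lfanew
    if data[pe_offset:pe_offset + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    coff = pe_offset + 4
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]  # SizeOfOptionalHeader
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:    # PE32 (x86): NumberOfRvaAndSizes at +92, directories at +96
        count_off, dir_off = opt + 92, opt + 96
    elif magic == 0x20B:  # PE32+ (x64): NumberOfRvaAndSizes at +108, directories at +112
        count_off, dir_off = opt + 108, opt + 112
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    num_dirs = struct.unpack_from("<I", data, count_off)[0]
    entry = dir_off + COM_DESCRIPTOR_INDEX * 8
    # A short directory table has no slot 14; also never read past the optional header.
    if num_dirs <= COM_DESCRIPTOR_INDEX or entry + 8 > opt + opt_size:
        return False
    rva, size = struct.unpack_from("<II", data, entry)
    return rva != 0 and size != 0


def classify(data: bytes) -> str:
    return "Managed" if is_managed(data) else "Unmanaged"


def fake_pe(pe32plus: bool, managed: bool) -> bytes:
    """Constructed header-only PE image (no sections) used purely as sample input."""
    magic, opt_size, dir_off = (0x20B, 240, 112) if pe32plus else (0x10B, 224, 96)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<I", opt, dir_off - 4, 16)  # NumberOfRvaAndSizes: all 16 slots present
    if managed:  # point slot 14 at a made-up CLR header RVA with a 72-byte size
        struct.pack_into("<II", opt, dir_off + COM_DESCRIPTOR_INDEX * 8, 0x2008, 72)
    coff = struct.pack("<HHIIIHH", 0x8664 if pe32plus else 0x14C, 0, 0, 0, 0, opt_size, 0x0002)
    dos = bytearray(b"MZ") + bytes(0x3E)
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew: PE signature follows the DOS header
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)
```

Running classify over the bytes of a real file gives the same "Managed"/"Unmanaged" verdict BinPeek prints.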

Project URL

BinPeek

Installation

Build with Visual Studio or just use the release version in the repo.

Contributors

Carl Sampson

License

MIT


Secure Design Principles

Sitting here on a cold, snowy day thinking about secure design principles. These are the key ones to keep in mind during the design phase of a feature or project.

  • Total Mediation – every access to every resource must be validated every time
  • Economy of Mechanism – keep it as simple as possible
  • Fail-Safe – in case of failure, default to a secure state
  • Defense in Depth – layer security
  • Open Design – the security of a system should not be dependent on secrecy of its design or implementation
  • Psychological Acceptability – security mechanisms must not make resources more difficult to access than if they weren’t there
  • Separation of Privileges – limit access to a system/feature to only those that *need* to access it for the shortest duration possible
  • Minimize attack surface – reduce risk by reducing the attack surface area
  • Secure Defaults – default to a secure state

Any others you can think of?


Two Gems Updated

PwnedCheck

PwnedCheck is a gem that checks http://haveibeenpwned.com to see if an email address or user handle has been involved in a breach.

Installation

gem install PwnedCheck

Usage

require 'pwnedcheck'

# The 4 cases.
# foo@bar.com is a valid address on the site
# foo232323ce23ewd@bar.com is a valid address, but not on the site
# foo.bar.com is an invalid format
# mralexgray is a user id in snapchat
list = ['foo@bar.com', 'foo232323ce23ewd@bar.com', 'foo.bar.com', 'mralexgray']

list.each do |item|
  begin
    sites = PwnedCheck::check(item)
    if sites.empty?
      puts "#{item} --> Not found on http://haveibeenpwned.com"
    else
      sites.each do |site|
        # site is a hash of data returned for one breach
        puts item
        puts "\tTitle=#{site['Title']}"
        puts "\tBreach Date=#{site['BreachDate']}"
        puts "\tDescription=#{site['Description']}"
      end
    end
  rescue PwnedCheck::InvalidEmail => e
    puts "#{item} --> #{e.message}"
  end
end

require 'pwnedcheck'

# The 4 cases to check for pastes.
# foo@bar.com is a valid address on the site
# foo232323ce23ewd@bar.com is a valid address, but not on the site
# foo.bar.com is an invalid format
# mralexgray is a user id in snapchat
list = ['foo@bar.com', 'foo232323ce23ewd@bar.com', 'foo.bar.com', 'mralexgray']

list.each do |item|
  begin
    sites = PwnedCheck::check_pastes(item)
    if sites.empty?
      puts "#{item} --> Not found on http://haveibeenpwned.com"
    else
      sites.each do |site|
        # site is a hash of data returned for one paste
        puts item
        puts "\tSource=#{site['Source']}"
        puts "\tTitle=#{site['Title']}"
        puts "\tDate=#{site['Date']}"
        puts "\tEmail Count=#{site['EmailCount']}"
      end
    end
  rescue PwnedCheck::InvalidEmail => e
    puts "#{item} --> #{e.message}"
  end
end

Jekyll-Clicky

Jekyll-clicky is a gem to add clicky analytics to a site generated with Jekyll.

Installation

Add this line to your application’s Gemfile:

gem 'jekyll-clicky'

And then execute:

$ bundle

Or install it yourself as:

$ gem install jekyll-clicky

Usage

Add

jekyll_clicky:              # Add this if you want to track with Clicky analytics
  site:
    id: ###          # Required - replace with your tracking id

to _config.yml in your jekyll site directory. Replace ### with the id of your clicky site (in YAML a leading # starts a comment, so the placeholder must be replaced for the key to carry a value).


Extending Burp at DerbyCon VII

Just finished my talk about extending Burp at Derbycon VII. Thanks to everyone that attended! I’m really thankful for the opportunity to present on the topic.

The Details

Slides –

Video in Slides (Slide 14)

Source Code – https://github.com/sampsonc/searchplusplus

Video of the Presentation

I’d love to hear any comments/questions.

Thanks!


DerbyCon 7.0

So excited to be speaking at DerbyCon 7.0 this year! After attending every year since the conference started, I decided to submit a talk this year and it was accepted. The title of the talk is “Extending Burp”. I’ll run through how to create Burp extensions and some gotchas that I figured out.

Hope to see you there!
