04 Sep

Hacking resources for fun and no profit, part 1

In this article I'll show how I made VMWare Workstation 15 awesome again using a little-known Resource Hacker feature called "scripting".

But first, a bit of background..

Upgrade of VMWare

People who know me know that I prefer stable, tried-and-true solutions. Be it my primary operating system, the tools I'm using or things I eat for breakfast. Once I know that something is good, I don't want to change it.

So, for a long time I was using VMWare Workstation 10. It just worked. But as the new versions of Windows came out, they started requiring the hypervisor to support some specific features. Otherwise it just won't work. For example, to be able to install Windows 10 1803, you will need VMWare 14.x. To install Windows 10 1903, you will need VMWare 15.x.

And so, after a long time of holding out, I decided to upgrade.

04 Jun

Stealing WordPress credentials

Yesterday WordFence published a scary article titled "Large Scale Attack Campaign Targets Database Credentials". The article describes a recent mass-scanning attack of WordPress sites. The purpose of the attack was stealing WordPress configuration files - and therefore usernames/passwords of WordPress admins.

As with the XSS campaigns, almost all of the attacks are targeted at older vulnerabilities in outdated plugins or themes that allow files to be downloaded or exported. In this case the attackers are attempting to download wp-config.php, a file critical to all WordPress installations which contains database credentials and connection information, in addition to authentication unique keys and salts.

Since WordFence is in the business of selling "the best WordPress security", they have little intention to explain how these attacks really work.

Instead, they blatantly advertise their product as a remedy for everything:

All Wordfence users, including sites running the free version of Wordfence, and Wordfence Premium, are protected against these attacks.

That's really not helpful, so let me fix that.

08 Apr

About the long silence

Hello all!

It's been almost a year since my last post. I guess some explanation is in order. And it's actually very simple.

I got burned out.

I took on too much at once. My daily job. Personal life. This blog. Paid side projects. It was all fun until it wasn't. One night I finished my side project at 3AM, sent the finished code to the guy and went to sleep. Next day I just couldn't wake up and get to work. So, I said to myself, "It's alright, weekend is coming, I'll get some more sleep and everything will be fine again!"

It wasn't.

My brain still refused to work and I could barely function. I stopped answering my emails. Stopped managing the blog. Stopped pretty much everything. Whatever I did, it wasn't fun. And that's how I spent the last year or so.

It's slowly getting better. Reversing stuff feels fun again. I might even write a proper blogpost or two in the near future. Who knows..

Now you know it. Take care and try not to end up like me!

Some articles that seemed useful to me:
https://piechowski.io/post/how-to-get-over-burnout/
https://www.mindtools.com/pages/article/recovering-from-burnout.htm
https://kierantie.com/a/burnout

13 Feb 2019

uBlock silently enables Acceptable Ads for everyone

A few days ago I started seeing ads on ebay. Weird.. I blocked the ad manually and forgot about it. The next time I visited ebay, the ad was showing again. I blocked it again. Third time.. Yes, you guessed right, the ad was back. So, I started to investigate why my filter rule was not working.

A few minutes later, the culprit was found:

This rule disables all cosmetic filters for eBay. But where does it come from?

I went to examine my filter lists. And then I went into full WTF mode:

Why the fuck do I have "Acceptable Ads" list enabled?

11 Dec 2018

Changes in the blog

My last posts about Unity3D/Mono protections gained a lot of attention. Unfortunately, they gained the wrong kind of attention and low quality comments. So, I decided to make changes in the way these posts are made.

This is a place to describe HOW the protection works.

I have no agenda against game authors or any of the Android MOD teams. They just happen to use interesting protection mechanisms. And I like to take protections apart and describe HOW they work. So, the posts will be even more focused on HOW the protection works and how it can be defeated. Sometimes I'll make some code snippets available. But in any case, you will have to do your work to defeat the protection.

This is NOT a place for script-kiddies.

I made a big mistake releasing a compiled executable. It attracts crowds of Asian kids who are only able to drop DLL on the compiled executable and complain that it did not magically fix everything. They have absolutely no interest in how the protection actually works.

To fix that, there will be no more ready-made tools. If you care about the protection, my blog has all the information you need to make your own tool. But if you need a ready-made, compiled tool, go somewhere else.

This is NOT a place for crack requests.

Yes, I'm always interested in new and innovative protections. If you tell me about such protection, I will be very happy. When I get some free time, I will look at it. If it's interesting enough, I will write about it.

But I will not crack the protection for you. And most certainly I will not do it on your schedule. So, don't bug me about that.

I work on this blog in my free time.

My free time is limited. I will read all comments and all emails. Someday. When I have free time.

So, do NOT bump your comments or your emails. If you haven't received a reply, your message was stupid and I decided to ignore it. Or perhaps I just haven't had time to read it and respond to it.

You need to do your homework.

I got plenty of comments like "how do I use your tool?" or "I can't open file in dnSpy. Help!!!111".

First, read the bloody posts, they explain how my tools work and what the limitations are. Second, use Google. Third, read "How to Report Bugs Effectively". I can't magically solve all your problems - I need to see the actual file first.
I hate using ban-hammer. So, first time you do something stupid, I will warn you. But if you continue doing that, I'll ban you. As simple as that.

Thank you for reading to the end, I really appreciate that. Please enjoy your stay here.

10 Dec 2018

Changes in Chrome 71 break Gmail.

I've complained about Chrome automatic updates before. I actually stayed on outdated Chrome 45 for a long time because I really needed NPAPI support to perform certain tasks.

But a few months ago I decided to bite the bullet and "live a normal life". So, I enabled Google Chrome updates and crossed my fingers. It worked for some time. I got the awful "modern UI" and managed to turn it off. I got the automatic Chrome sign-in that nobody actually wants and Google retracted later. And I was able to turn it off too.

But now Chrome cannot open my Gmail account. WTF?

Can't sync to account.

When logging into Gmail it just pops up this message "Can't sync to account. Request cancelled."


18 Oct 2018

Why morons shouldn’t be writing about security, part 4

Yesterday I read an article on ZDNet called "Researcher finds simple way of backdooring Windows PCs and nobody notices for ten months" and it made me laugh hysterically.

Why? Because it's bloody nonsense from start to end.

Let's just look at the main claim in the article.

... in cases where a hacker has a foothold on a system --via either malware or by brute-forcing an account with a weak password-- the hacker can give admin permissions to a compromised low-level account, and gain a permanent backdoor with full SYSTEM access on a Windows PC.

What. The. Fuck.

24 Apr 2018

About City of Atlanta and ransomware

I just read the article on ZDNet: "Atlanta projected to spend at least $2.6 million on ransomware recovery". Yes, you read it right - $2'600'000 to clean up the Atlanta city network from ransomware. And, of course, taxpayers will pay the bill.

Dear City of Atlanta, this situation will not magically resolve itself. Your IT guys must take the responsibility for this failure. Fire your CIO. Fire your entire IT staff. Sue them all for the damages. And let them rot in prison for a few years for gross negligence.

You hold an architect accountable for making your house blueprints right. You hold the builders accountable for building your house right and your doctor for taking proper care of you.

IT guys are not special snowflakes, they don't do magic, and they must be held accountable for their (in-)actions just like everyone else. Only then will we see some improvements in security.

But I'm sure City of Atlanta knows better. After all, they decided to spend $600'000 on advisory services from Ernst & Young on how to handle security incidents. That's money well spent! </irony>