D.W. – WindowsTechs.com

Standard format for malware behavioral rules

Posted on August 15, 2025 by D.W.

Is there a standard format for behavioral rules for detecting malware?
Yara is a standard format for static signatures, e.g., matching based on strings and byte sequences. I’m wondering if there is a similar format and ecosystem for behav… Continue reading Standard format for malware behavioral rules→

Faster afl-tmin

Posted on June 23, 2025 by D.W.

AFL++ suggests that we consider minimizing each seed file in the corpus before the fuzzing campaign, using afl-tmin. However, afl-tmin is extremely slow on large files.
Are there any strategies to speed up afl-tmin when using it to reduce… Continue reading Faster afl-tmin→

Models that embed SynthID Text watermarks

Posted on May 21, 2025 by D.W.

Which Large Language Models (LLMs) embed SynthID-Text watermarks into the text they generate?
Background: Google developed the SynthID-Text method for embedding watermarks into AI-generated text. This means that LLMs that use SynthID-Text… Continue reading Models that embed SynthID Text watermarks→

File minimization for fuzzing

Posted on May 13, 2025 by D.W.

Fuzzing tends to be more effective when the seed file is small — or, more precisely, when the seed file is chosen so it is processed as rapidly as possible by the application-being-fuzzed — as this enables the fuzzer to perform more iter… Continue reading File minimization for fuzzing→

drupal_add_http_header and HTTP response splitting

Posted on March 3, 2025 by D.W.

Is drupal_add_http_header safe from HTTP response splitting? For instance, does it automatically filter out or encode ‘\n’ and ‘\r’ in header values?
Or is it the caller’s obligation to make sure that the header value does not contain ‘\n… Continue reading drupal_add_http_header and HTTP response splitting→

Can smartphone eavesdrop on conversations while in your pocket?

Posted on May 25, 2023 by D.W.

Suppose I have a cellphone in my pocket, and it is running a malicious app or malicious code, and I am having an in-person conversation with another person. Is it possible for my phone to capture my voice and eavesdrop on the conversation… Continue reading Can smartphone eavesdrop on conversations while in your pocket?→

Are we gossiping in Certificate Transparency?

Posted on March 3, 2021 by D.W.

Ben Laurie’s original paper on Certificate Transparency proposed that clients (browsers) should "gossip". In particular, it proposed that when a browser connects to a web server, it should send to the server the latest signed tr… Continue reading Are we gossiping in Certificate Transparency?→

Can a PDF embed a tracking image?

Posted on May 14, 2020 by D.W.

I know that PDFs can contain embedded images and Javascript.

Can a PDF contain something that tracks you? For instance, can it contain a remote image that, when the PDF is opened, will fetch that image (thus revealing the user’s IP addre… Continue reading Can a PDF embed a tracking image?→

Can Javascript overwrite a HTTPOnly cookie?

Posted on May 13, 2020 by D.W.

Can Javascript overwrite or delete a HTTPOnly cookie?

In more detail: Suppose the user’s browser has a cookie for example.com with the HTTPOnly flag set, say session=552..e0. Suppose the user visits a page on example.com. Can Javascript… Continue reading Can Javascript overwrite a HTTPOnly cookie?→

How long are password hashes stored locally?

Posted on June 20, 2019 by D.W.

Suppose Alice logs into Windows machine M (which is part of an enterprise network managed through Active Directory). My understanding is that M will contact the domain controller to get Alice’s password hash, store it in the local SAM or … Continue reading How long are password hashes stored locally?→