Collaborate Disseminate
I know this question is kind of stupid but I am testing a virus database and I would like to know any kind of code in c++ or C#/VB.net that would be detected as virus by an antivirus, without actually having do download an antivirus.
Than… Continue reading How to make a file detected by anti virus
Is there a pseudo device-based random data stream/file that can be used in Windows .NET programming in the same way as /dev/random can be read and used as a source of random values on Linux based systems?
I’m not asking whether .NET can provide a pseudo-random number generator type random call such as CryptGenRandom() which appears to use a random seed to create a sequence of PRNG numbers but whether there is a functional equivalent as /dev/random which stores various system events and UI interaction to create a pool of random values that are considered to be crypto secure.
Because /dev/random appears to be similar to any other file on the underlying system, any Linux based programming language can access this truly random stream of data, but C# and other .NET programs don’t (normally) run on Linux systems, and mine certainly don’t.
All online searches and my reading always leads me to information about PRNG calls, which is not the same thing at all.
If there’s any answer to this on here already then I just need more practice on searching for answers I guess!
Continue reading Windows .NET equivalent to Linux /dev/random
Related to Should we protect web application source code from being stolen by web hosts through obfuscation?, but a different risk profile: How useful is it to obfuscate a C#/.NET desktop application? The same threat vectors … Continue reading What are the risks/benefits to obfuscating/not obfuscating C#/.NET code for a desktop application?
I am in the process of setting up the infrastructure for microservices using RabbitMQ as our message broker for our company. I am trying to figure out the best way to handle security for the system. This system will only be u… Continue reading User Credentials for Accessing Network Resources
first of let me explain what is given:
Client:
Server:
An User registers by submitting his Console Key on a Website, which is then stored in the Database on the Server. When the .dll is loaded a TCP connection to the Server is established. The Server then sends a random generated 25 char token to the client. The client then encrypts the following into one string:
2.7The encrypted string is then send to the server, which decrypts the string using the generated token. If file wasn’t tampered, memory key isn’t spoofed, version is up to day and the fuse key exists in the database, some addresses and strings are sent back to the client. These addresses and strings are required to run the .dll correctly. I do this to prevent an attacker from just noping the internet connection and then gaining access.
I see a few problems in the way i currently do it:
That’s it for the Server-Client-Auth. For protecting the executeable itself by now i only used a simple XOR Encryption to encrypt strings like the domain name or important commands. A friend told me that he heard that i should encrypt the whole executeable besides the entry point and when the entry point is entered decrypt the file. He couldn’t tell me how to do that and i don’t even know if it can be done. The problem with my .dll is that it is for XBOX 360 meaning i can’t use 3rd party libaries or anything, just plain C++. If you have any ideas for the Encryption/Obfuscation of the file be sure to leave them down below, aswell as what you think about my current auth approach and what you would do better.
Thanks for your time and thanks in advance!
Continue reading How to secure an Executeable (Server-Client-Authentication)
I am learning about the Thinktecture Identity Server v2 and considering deploying it as a single sign on solution for 3 to 4 apps/services our company is developing for our customers. The applications use a mix of ASP.NET for… Continue reading Does Thinktecture V2 Require Round Trips on Requests
I am fairly new to this, so I’m sure it has been asked and answered but I cannot find a clear answer. If this has already been addressed, please point me in the right direction and I will remove this question.
I have a prog… Continue reading Passing encryption with IV as a single array
Right now I’m working as a software development leader in my enterprise.
Here’s the main issue of everything. A software developer that works with us. There has been some rumours about this user sharing/developing software f… Continue reading Secure compiled .NET source code applications ASP.NET and Windows Forms
(Copied from Software Engineering as suggested)
If I have written a privacy tool as a .NET web application which is to be hosted on a commercial hosting site, other than hosting it in a privacy friendly country, how can I as… Continue reading How to ensure privacy on a remotely hosted server?
I have a Windows application that does not use a database and is not on the Internet. It contains very important data (data loaded from encrypted files). The user needs a password to enter this application.
Where should I safely store th… Continue reading where should I store my application password?