Skip to main content

Posts

The craziest command line I've run to date

Here is a lovely but slightly redacted image: There's a lot going on here, so let me explain. First off, the Command Prompt is no ordinary Command Prompt. See the title bar of the window? 'cmd.exe' is running as NT AUTHORITY\SYSTEM, the most powerful user account in Windows, on my desktop as a child process of a non-elevated process via the assistance of a temporary NT System Service. A procedure that had never been done before May of 2021. I recommend reading this post (and watching the really cool video I made about it) if you haven't already done so. In short, we're already in completely uncharted territory on Windows. Since the parent process is running as NT AUTHORITY\SYSTEM, it is one step away from being able to create security tokens for other users without the user's credentials (i.e. without the user's password, biometrics, etc). The above command creates an elevated token for a user in the Administrators group from scratch, routes st
Recent posts

PSA: "There is MULTIPLE" is wrong

Okay, I'm writing this post because I'm tired of hearing "There is [MULTIPLE]" spoken everywhere and figured I'd attempt to fix this particular pet peeve. "There is" or "There's" followed by a 'multiple' is incorrect English. Likewise, "There are" or the cringe-worthy "There're" followed by a 'singular' is also incorrect. Substituting "There's" when "There are" (or "There're") should be used is also incorrect. Let me provide an example: "There's no problems to report." No. You are wrong. "There ARE quite a few problems to report." Especially with your lack of decent English. Has everyone forgotten how to speak English properly? Knowing how to communicate with complete, properly formed sentences is the foundation of a stable, functional society. Congratulations! You are about to learn how to decide when to say IS vs. ARE, which

Starting Processes on Microsoft Windows in a Completely Brand New Way

I recently came up with a completely brand new way to start processes on Microsoft Windows that's never been done before. Specifically, starting a child process of a non-elevated user as a completely different user. For those who want to understand and learn new things, here's an in-depth video on how it all works: The video covers the complex topic of Microsoft Windows security objects, moves into looking at security objects with the CubicleSoft GetTokenInformation tool , trash talks Microsoft a few times, gets into a very brief demo of some major enhancements of the CubicleSoft CreateProcess command-line tool , and finally covers how the new enhancements to the CreateProcess command-line tool work under the hood. In the video though, I only briefly demo the CreateProcess tool. That may be a slight disservice to the work that was done. So in this post, I want to cover some of the really cool things that were hand-waved over. First off, did you know that an Administ

I turned Amazon Prime Photos into an "unlimited" off-site data backup service via JPEG APP markers

It has been several years since the Amazon Cloud Drive service API went from "okay" to "completely non-functional." Since I haven't used the service for quite a while, I figured it would be an okay time to reveal how I used to use Amazon Prime Photos as an unlimited storage backup service. It all starts with modifying the JPEG file format in ways not really conceived of before. The JPEG file format is a chunked, structured binary file format. What this means is that JPEG format reserves the 0xFF byte for "markers" for the start of each "chunk" and each chunk has a specific structure. For example, a JPEG image starts with the Start of Image (SOI) marker, which is 0xFF 0xD8, so we know that if we see that sequence, we have found the start of a JPEG image. Similarly, the End of Image (EOI) marker is 0xFF 0xD9, which means we have found the end of a JPEG image. There are many other markers for specific purposes that have been reserved f

Predicting the future of COVID-19

For the past few months, I've been watching the Top 10 countries list for the ever-popular COVID-19 topic of discussion. I'm sure some people have grown tired of it at this point, but I've been tracking India with great interest as they cracked the Top 10 and have roared their way to take a solid #3 spot. There has been ZERO news in mainstream media outlets covering India despite the major influx of cases and the fact that they are really just getting started with COVID-19. What happens in India will impact the rest of the world, including the U.S. (e.g. call centers), so the lack of news is rather disappointing. This post isn't about lamenting the lack of good global news coverage but rather my attempt to write some quick-n-dirty software to crunch some numbers in an effort to predict the future. We know the future is always in flux and so any attempt to predict it will be wrong in some way or other. The first step is to find a good dataset. I went with the Our

Building complex Javascript widgets from the ground-up

I am going to use the recently published CubicleSoft File Explorer widget as the basis of this post to show the process used to create a rather complex ~8,000 line Javascript widget from scratch with no external dependencies. It took approximately 2 months to go from concept/idea to complete widget implementation with full keyboard, mouse, and touch input support that works great on desktop, tablets, and even mobile devices! There are many things I learned along the way. So while things are still fresh in my mind, I'd like to jot down and share the process involved. The above is a live demo of the widget. Feel free to interact with it for a little bit, but don't get too distracted. There's an article to read! Alright, the best place to start when designing a widget of this magnitude is the actual design. I used to use tools like Photoshop, Adobe XD, and even paper and pencil to mock up user interfaces. While those have some value, when designing for the web,