Some recent developments:

1. Since 2018 I've gone from slumbering in .NET Framework 3.5 to 4.0, 4.5, and this year to 4.7.2 to 4.8. This has been a necessary development since I needed more functionality, especially in cryptography, for example accessing TLS functions and enumerating certificate metadata.

Microsoft have really stepped up the release cycle of .NET. I remember coding in Visual Studio 2003 Enterprise for like a decade; I think it was .NET 2.0, which required lots of Win32 imports and your own functions to get things done.

2. I've also tested other cryptographic libraries like BouncyCastle, and while the cryptographic functionality is WAAAY beyond what MS offers in .NET, I'm not sure that it is a good fit on Linux/Mac platforms as there are no binaries on those platforms, except for Java - and that is not an option if you want to do agents that do realtime detection and collect forensic traces on Windows platforms.

3. I've also dug into .NET Core 5 and quickly went to 6.0 to keep myself current and not get stuck in a soon-to-be-deprecated dev environment. The only problem I've run into is cryptography, as some things are not supported. I even had to backport a bit of code (and add an ugly solution to it) to support .NET FW 4.8 to make some things compatible.

My hope is that I'll be able to port all infra-related code to .NET Core 6 and skip 4.x, but this would require .NET Core on all Windows clients and I'm not sure if Core 6 will be installed by default on enterprise endpoint clients.

4. I'm exploring options for a simple solution to make GUI applications on Linux. This is not quite a priority, but the simplest solution appears to be writing an HTTP server that listens on the loopback interface and parses <Form> controls. This allows for simple design of GUIs in a basic HTML editor, even with CSS elements (loadable from disk or an embedded B64 blob). I like this solution best as it does not require any third party dependencies and will just work on ALL platforms.
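The loopback form GUI described in item 4, as an added example that is not the author's code: it uses only the built-in `HttpListener`, binds to 127.0.0.1 so the UI is not reachable from the network, ties each submission to a per-run token, and HTML-encodes anything echoed back. It assumes .NET 6 top-level statements; the port (8765) and the field names `name` and `token` are constructed for illustration.

```csharp
using System;
using System.IO;
using System.Net;
using System.Security.Cryptography;
using System.Text;
using System.Web;

const string Prefix = "http://127.0.0.1:8765/";   // assumed port; loopback only, never 0.0.0.0
// Per-run secret embedded in the form, so a web page open in the same
// browser cannot blindly submit requests to this local UI.
string token = Convert.ToHexString(RandomNumberGenerator.GetBytes(16));

using var listener = new HttpListener();
listener.Prefixes.Add(Prefix);
listener.Start();
Console.WriteLine($"GUI available at {Prefix}");

while (true)
{
    HttpListenerContext ctx = listener.GetContext();
    HttpListenerRequest req = ctx.Request;
    string message = "";

    if (req.HttpMethod == "POST")
    {
        // Form posts arrive as application/x-www-form-urlencoded text.
        using var reader = new StreamReader(req.InputStream, req.ContentEncoding);
        var form = HttpUtility.ParseQueryString(reader.ReadToEnd());

        // Constant-time comparison of the submitted token with the expected one.
        bool tokenOk = CryptographicOperations.FixedTimeEquals(
            Encoding.ASCII.GetBytes(form["token"] ?? ""),
            Encoding.ASCII.GetBytes(token));
        if (!tokenOk) { ctx.Response.StatusCode = 403; ctx.Response.Close(); continue; }

        // Encode user input before echoing it back into the page.
        message = "<p>Hello, " + HttpUtility.HtmlEncode(form["name"]) + "</p>";
    }

    string html = "<html><body>" + message + "<form method=\"post\">" +
        $"<input type=\"hidden\" name=\"token\" value=\"{token}\">" +
        "<input name=\"name\"><input type=\"submit\" value=\"OK\">" +
        "</form></body></html>";
    byte[] body = Encoding.UTF8.GetBytes(html);
    ctx.Response.ContentType = "text/html; charset=utf-8";
    ctx.Response.ContentLength64 = body.Length;
    ctx.Response.OutputStream.Write(body, 0, body.Length);
    ctx.Response.Close();
}
```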

5. Recently went back to tinkering with visualization, had forgotten quite a bit about it, but was able to pick up things and even develop some new capabilities. I'm also doing some GUI development to support customization, multiscreen layout and I was even able to do skinnable windows - like Winamp.

True, not quite an important feature, but if you're gonna work 40 hours a week doing analysis, it helps to be able to customise your working environment to fit your own taste.

6. The most important thing that has happened recently is me picking up .NET Core (by being curious). This was quite fruitful as I can now produce ELF binaries for Linux systems, and was able to quickly port an agent from Windows to Linux as a test. Also done lots of research on Linux malware, like persistence mechanisms and lolbins, so I know where to do collection of forensic artefacts.

I wonder what I will learn in 2022/2023...

My advice for anyone who reads this and wonders how to learn new things is to tinker and play around with things. Be curious and try new stuff ... or break stuff. Dig into subjects you like - the rewards will be amazing.