Security Testing: Fuzzing

While doing a Threat Model for a service I’m currently implementing, I came across an attack surface that could benefit from extensive Fuzzing. It immediately reminded me of the presentation I gave a few years ago at Seattle CodeCamp, which I’d like to share:

Hopefully, it was helpful. Let me know what you think!

Enabling SSL on a server endpoint in Windows

The task of enabling SSL on your server is very simple. It doesn’t require any code changes, assuming your server is already listening over HTTP on port 443.

Prerequisite:

  • On the server, install a server-side certificate (including its private key) that can be verified by the client, i.e. it chains to a Trusted Root certificate that is installed on the client. This certificate should go into Certificates (Local Computer)\Personal\Certificates\. Also, make sure that the certificate’s subject name matches the hostname in your URL.

The actual steps for configuring SSL on the server are very simple:

  1. From an elevated command line, execute the following command to delete all previous bindings for port 443 (obviously, the port can be different):
    netsh http delete sslcert ipport=0.0.0.0:443
  2. From an elevated command line, establish the binding between the certificate and the port:
    netsh http add sslcert ipport=0.0.0.0:443 certhash=YourCertHash appid={YOUR-APP-ID} certstorename=MY

The successful response to the first command is “SSL Certificate successfully deleted” and to the second “SSL Certificate successfully added”. You can also see your SSL bindings using the following command:

netsh http show sslcert

At this point you should be good to go – make a call from the client to your server and SSL should be established.
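The same two netsh steps, wrapped in a script that first locates the certificate in the Local Computer\Personal store and checks the prerequisite (private key present, chains to a trusted root) before binding it. This is an added example, not code from the original post; the hostname and the application GUID are placeholders you replace with your own values, and the script must run from an elevated PowerShell prompt.

```powershell
# Added example (not from the original post): find the server certificate by
# subject name in Cert:\LocalMachine\My (Certificates (Local Computer)\Personal),
# sanity-check it, then bind it to 0.0.0.0:443 with netsh as in the steps above.
# Assumptions: elevated prompt; $HostName and $AppId are placeholders.
$HostName = "server.example.com"                      # placeholder: hostname in your URL
$AppId    = "{00000000-0000-0000-0000-000000000000}"  # placeholder: your application GUID
$IpPort   = "0.0.0.0:443"

# Pick the newest non-expired certificate whose subject CN matches the hostname.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like "CN=$HostName*" -and $_.NotAfter -gt (Get-Date) } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1

if (-not $cert) { throw "No certificate for $HostName in Cert:\LocalMachine\My" }
if (-not $cert.HasPrivateKey) { throw "Certificate $($cert.Thumbprint) has no private key" }
# Verify() builds the chain on this machine; the client must trust the same root.
if (-not $cert.Verify()) { throw "Certificate $($cert.Thumbprint) does not chain to a trusted root" }

# Step 1: drop any existing binding for the port (output ignored; there may be none).
netsh http delete sslcert "ipport=$IpPort" 2>$null | Out-Null

# Step 2: bind the certificate (by thumbprint) to the port.
netsh http add sslcert "ipport=$IpPort" "certhash=$($cert.Thumbprint)" "appid=$AppId" certstorename=MY
if ($LASTEXITCODE -ne 0) { throw "netsh http add sslcert failed with exit code $LASTEXITCODE" }

# Show the resulting binding for this port only.
netsh http show sslcert "ipport=$IpPort"
```

The thumbprint from the store is what netsh calls certhash, so there is no need to copy it by hand from the certificate dialog; the Verify() check catches the common failure where the binding succeeds but clients still reject the handshake because the chain is incomplete.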

Good luck and let me know if you run into issues!

Unshelving TFS shelveset to a different location or branch

  1. Install Microsoft Visual Studio Team Foundation Server 2013 Power Tools, then open a command line and cd into a location where you have your TFS workspace; otherwise tfpt will show an error:
    C:\Windows\System32>tfpt unshelve
    Unable to determine the workspace.
  2. Run tfpt unshelve /?
    c:\Source\Project\tfpt>unshelve /?
    tfpt unshelve - Unshelve into workspace with pending changes
    
    This command has two separate modes of operation:
    
    1. Migrate: allows migration of shelved changes from one branch into another
       by rewriting server paths.
    
    2. Undo: allows changes from an already-unshelved shelveset to be undone,
       cleaning up pending adds, and preserving other existing pending changes in
       the workspace.
    
    Usage: tfpt unshelve /migrate /source:serverpath /target:serverpath
                         [shelvesetname[;username]] [/backup]
    
           tfpt unshelve /undo shelvesetname[;username] [/batchsize:num]
                         [/recursive] [filespec...]
    
     shelvesetname          The name of the shelveset to unshelve
     /backup                Creates a backup shelveset
     /migrate               Rewrite the server paths of the shelved items
                            (for example to unshelve into another branch)
     /source:serverpath     Source location for path rewrite (supply with /migrate)
     /target:serverpath     Target location for path rewrite (supply with /migrate)
     /undo                  Undo pending changes from an unshelved shelveset
     /batchsize:num         Set the batch size for server calls (default 500)
  3. The option you need to execute is unshelve /migrate. Specify /source, /target and shelvesetname – that should be enough. You may need to resolve conflicts; in most cases AutoMerge in the pop-up dialog will do the trick.


Netstat and System.Net.HttpListenerException (0x80004005)

Recently I was developing a web service with several Web APIs. After a few check-ins I decided to step through the code.

The service wouldn’t start. What? “It worked on my machine” just a few hours ago. What’s wrong?

The exception was coming out of System.Net.HttpListener (I write in C#) and the message was the following: System.Net.HttpListenerException (0x80004005): The process cannot access the file because it is being used by another process.

Maybe there is a bastard process left over from the previous run? I checked Process Explorer – nothing. I also had IIS up and running, which I decided to stop:

iisreset -stop

I couldn’t do that either; it would throw an error. “That’s getting more interesting”, I thought. Well, most likely something is using the ports that my web service is listening on. Which port would it be? My web service only had ports 80 and 8080 open. But what is it?

C:>netstat -ano | findstr :80 | findstr LISTENING
  TCP    0.0.0.0:80      0.0.0.0:0  LISTENING       6112

OK, so the PID of the server is 6112; let’s take a look at what it is. Skype! Wow, that’s interesting – it was running in the background and I never had issues with it, but for whatever reason it started to listen on that port. I killed the Skype process and moved on to debugging my code.
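The netstat-plus-findstr step above answers "which PID owns the port", and the process name still has to be looked up separately. As an added example (not from the original post), this helper does both in one go using Get-NetTCPConnection (NetTCPIP module, Windows 8 / Server 2012 and later) and Get-Process; the port numbers are the ones the post mentions.

```powershell
# Added example (not from the original post): list the processes listening on a
# TCP port, joining the connection's owning PID to its process name and path.
# Assumes the NetTCPIP module is available (Windows 8 / Server 2012 and later).
function Get-ListeningProcess {
    param([Parameter(Mandatory)][int]$Port)

    Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Path is only readable for processes you have rights to inspect;
            # run elevated to see services and other users' processes.
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{
                LocalAddress = $_.LocalAddress
                Port         = $_.LocalPort
                PID          = $_.OwningProcess
                ProcessName  = if ($proc) { $proc.ProcessName } else { '<unknown>' }
                Path         = if ($proc) { $proc.Path } else { $null }
            }
        }
}

# Usage: the two ports the web service in the post listened on.
80, 8080 | ForEach-Object { Get-ListeningProcess -Port $_ } | Format-Table -AutoSize
```

Checking this before starting an HttpListener turns the opaque 0x80004005 "file in use" error into a concrete process name, which is also what you want logged when a service fails to start on a shared machine.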

18 months in Xbox security team

A year and a half ago I accepted an offer from the Xbox security team.

It is very important to reflect on your career at least every year, and this post is no exception. That said, in the past 18 months I was fortunate to help ship the Xbox One gaming console; my experience is detailed in this top answer on Quora.

Xbox One Controller

Overall, it was a great experience. Coming from the mobile OS world, it was both an exciting and a challenging time in which I learned to:

  • design & ship security services for millions of customers
  • build advanced security solutions
  • deploy and monitor Xbox Live services
  • investigate issues in production and deliver quick fixes
  • get used to being on call 24/7 for a week at a time (we use Pager Duty)

It is hard to imagine that I would move back to client development with its long development cycles and at least a year before customers see your work. Services are an incredibly fast-moving part of the company and are like a drug: once you’re hooked you keep coming back for more.

Another interesting aspect of my past 18 months was observing a well-oiled team of high-caliber developers delivering security solutions at a rapid pace. The amount of learning and productivity is multiplied, and you have the feeling that anything can be solved. Now, it is indeed a very hard task to hire a great team and keep reports challenged and happy, but I will cover that in future posts.

But this is all just the beginning, as every day there are new challenges and new interesting things to work on, so the learning continues.

RegEx: string doesn’t start with

Recently I had to go through lots of files and find strings that do not start with a semicolon ‘;’ and end with one of the words status, error or warning. Of course, regular expressions will help us here. Without further ado, I would like to introduce the RegEx:

  ^(.?$|[^;].+)(status|error|warning)

Lots of time saved!
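To see exactly which lines the pattern above accepts, here is an added example (not from the original post) that runs it over a few constructed lines with Select-String. Two details worth knowing before using it on real files: the first alternative `.?$` ends at end-of-line, so nothing can follow it and only `[^;].+` ever matches in practice; and the pattern has no trailing `$`, so a line with text after the keyword still matches. The stricter variant in the block adds that anchor.

```powershell
# Added example (not from the original post): exercise the post's pattern and a
# stricter variant over constructed sample lines.
$pattern = '^(.?$|[^;].+)(status|error|warning)'

# Constructed sample lines (not from the original post).
$lines = @(
    'build finished with status',     # matches: no leading ';', ends with "status"
    '; build finished with status',   # no match: starts with ';'
    'worker raised error',            # matches
    'error',                          # no match: [^;].+ needs text before the keyword
    'worker raised error and exited'  # matches: the pattern has no trailing $
)

"--- matches for the post's pattern ---"
$lines | Select-String -Pattern $pattern -CaseSensitive | ForEach-Object { $_.Line }

# Require the keyword at the very end of the line by anchoring with $.
$strict = '^[^;].+(status|error|warning)$'
"--- matches for the anchored pattern ---"
$lines | Select-String -Pattern $strict -CaseSensitive | ForEach-Object { $_.Line }

# Over a directory tree, as in the post (prints file, line number and line):
# Get-ChildItem -Path . -Recurse -File | Select-String -Pattern $strict
```

Select-String is case-insensitive by default, so drop -CaseSensitive if "Error" and "ERROR" should count as well.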

Visual Studio 2012: Project is missing TFS status icon

Recently I had an annoying issue: a C# project checked in to TFS was added to a Visual Studio 2012 solution and was missing the TFS status icon in Solution Explorer:

Missing TFS Status

Turns out the fix to this issue is very simple:

  1. In VS2012 Menu go to File > Source Control > Advanced > Change Source Control
  2. In the Change Source Control window, select the project that was missing the TFS status icon; it has the Not Controlled status

    Change Source Control

  3. Click Bind
  4. Save your solution and check it in to TFS.
  5. Done!


Managing Windows registry permissions with PowerShell

… is simple. But before jumping into the code sample, make sure to familiarize yourself with ObjectSecurity.SetAccessRuleProtection.

And here’s the PowerShell script code:

$rootRegPath = "HKLM:\Software\Foobar\Product"
$acl = Get-Acl $rootRegPath

# Disable inheritance for this key (true), remove inherited access rules (false):
$acl.SetAccessRuleProtection($true, $false)

# Remove all permissions for "NT AUTHORITY\SYSTEM":
$acl.Access | where {$_.IdentityReference.Value -eq "NT AUTHORITY\SYSTEM"} | %{$acl.RemoveAccessRule($_)} | Out-Null
Set-Acl $rootRegPath $acl

# Set Read-only permissions for "NT AUTHORITY\SYSTEM":
# (RegistryRights.ReadPermissions only allows reading the key's security descriptor;
#  use ReadKey if SYSTEM should also be able to read the key's values.)
$acl = Get-Acl $rootRegPath
$rule = New-Object System.Security.AccessControl.RegistryAccessRule ("NT AUTHORITY\SYSTEM","ReadPermissions","Allow")
$acl.AddAccessRule($rule)
Set-Acl $rootRegPath $acl

# Now if you create a subkey it will not inherit permissions from the parent key:
$subKeyPath = Join-Path -path $rootRegPath -childPath SomeProduct
new-item -path $subKeyPath
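After a change like the one above it is worth confirming the key ended up in the intended state rather than trusting that Set-Acl did what you meant. The following audit function is an added example (not from the original post): it prints every ACE on the key, flags inherited ones, and returns $true only if inheritance is blocked and the given identity holds exactly the one expected Allow rule. The key path and the expected right are taken from the script above; replace them with your own.

```powershell
# Added example (not from the original post): audit a registry key's ACL.
# Returns $true only if inheritance is blocked (AreAccessRulesProtected) and
# $Identity holds exactly one Allow rule with the expected rights.
function Test-RegistryKeyAcl {
    param(
        [Parameter(Mandatory)][string]$Path,
        [string]$Identity = 'NT AUTHORITY\SYSTEM',
        [System.Security.AccessControl.RegistryRights]$ExpectedRights = 'ReadPermissions'
    )
    $acl = Get-Acl -Path $Path

    # Every ACE on the key; IsInherited shows what still comes from the parent.
    $acl.Access |
        Select-Object IdentityReference, RegistryRights, AccessControlType, IsInherited |
        Format-Table -AutoSize | Out-String | Write-Verbose -Verbose

    $rulesForIdentity = @($acl.Access | Where-Object { $_.IdentityReference.Value -eq $Identity })
    $onlyExpected = ($rulesForIdentity.Count -eq 1) -and
                    ($rulesForIdentity[0].RegistryRights -eq $ExpectedRights) -and
                    ($rulesForIdentity[0].AccessControlType -eq 'Allow')

    # AreAccessRulesProtected is $true after SetAccessRuleProtection($true, ...).
    return ($acl.AreAccessRulesProtected -and $onlyExpected)
}

# Usage with the key from the script above (placeholder path from the post).
Test-RegistryKeyAcl -Path 'HKLM:\Software\Foobar\Product'
```

Running the check on the new SomeProduct subkey as well shows which of the parent's explicit rules were inheritable and therefore flowed down to it.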