derekxmartin

<?xml version="1.0" encoding="UTF-8"?>
<opml version="2.0">
  <head>
    <title>Cybersecurity Feed - Inoreader Import</title>
  </head>
  <body>
    <outline text="News &amp; Journalism" title="News &amp; Journalism">
      <outline type="rss" text="BleepingComputer" title="BleepingComputer" xmlUrl="https://www.bleepingcomputer.com/feed/" htmlUrl="https://www.bleepingcomputer.com/"/>
      <outline type="rss" text="The Hacker News" title="The Hacker News" xmlUrl="https://feeds.feedburner.com/TheHackersNews" htmlUrl="https://thehackernews.com/"/>
      <outline type="rss" text="The Record (Recorded Future News)" title="The Record (Recorded Future News)" xmlUrl="https://therecord.media/feed/" htmlUrl="https://therecord.media/"/>

derekxmartin

using Microsoft.Win32;
using Microsoft.Win32.TaskScheduler;
using NtApiDotNet;
using NtApiDotNet.Win32;
using System;
using System.IO;
using System.IO.Pipes;
using System.Reflection;
using System.Runtime.InteropServices;
using System.Security.AccessControl;

derekxmartin

https://x.com/UnderdogWNBA/status/2034245315797082303

derekxmartin

Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" -Name "legalnoticecaption" -Value "Your Title Here"
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" -Name "legalnoticetext" -Value "Your message body here. Unauthorized access is prohibited."

derekxmartin

"""
encoders.py
XOR (single-byte, rolling) and RC4 encoding implementations.
These are intentionally simple — mirrors real-world malware tradecraft.
"""

def xor_single_byte(data: bytes, key: int = 0x41) -> bytes:
    """Single-byte XOR. Trivial but still common in commodity malware."""
    return bytes(b ^ key for b in data)

derekxmartin

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" `
    /target:library `
    /reference:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Build.Framework.dll" `
    /out:C:\Temp\TestLogger.dll `
    C:\Temp\TestLogger.cs

derekxmartin

https://derek-site-2026-6g03r9taz-derek-martins-projects.vercel.app/about/

derekxmartin

MSB-04: Atypical File — .csproj with Inline Task from Legitimate-Looking
Path
Objective:
Determine whether the detection signal can identify a malicious .csproj containing an inline C# task even
when the file resides in a directory that mimics a normal development workspace (complete with a .sln file).
This tests content-based detection rather than path-based heuristics. MSB-01 through MSB-03 already
validate detection from suspicious locations (C:\Temp). This test flips the scenario — the path looks
legitimate, but the content is malicious.
Steps:
1. Create a realistic project directory: mkdir C:\Source\MyProject\src

derekxmartin

using Microsoft.Build.Framework;
using System;
using System.IO;

// Benign test logger — writes to a temp file to prove execution
// Implements ILogger which MSBuild loads via /logger: switch
public class TestLogger : ILogger
{
    public LoggerVerbosity Verbosity { get; set; }
    public string Parameters { get; set; }

derekxmartin

<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  <Target Name="TestTarget">
    <TestTask />
  </Target>
  <UsingTask
    TaskName="TestTask"
    TaskFactory="CodeTaskFactory"
    AssemblyFile="C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Build.Tasks.v4.0.dll">
    <Task>
      <Code Type="Fragment" Language="cs">