DOCSLIB.ORG

The Tao of .Net and Powershell Malware Analysis Pontiroli & Martinez

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

THE TAO OF .NET AND POWERSHELL MALWARE ANALYSIS PONTIROLI & MARTINEZ THE TAO OF .NET AND adopted proven practices from agile software development and business administration that focus on maximizing profi ts while POWERSHELL MALWARE minimizing the development time and maintenance cost of ANALYSIS these dreadful concoctions. Santiago M. Pontiroli In 2002, Microsoft released a game-changing framework that Kaspersky Lab, Argentina revolutionized the software development industry and unwittingly provided malware writers with an unimaginable F. Roberto Martinez arsenal of weapons. While ‘script kiddies’ resorted to builders and automated environments to cobble together variations of Kaspersky Lab, Mexico already-available malware samples, seasoned malware writers now had access to forums with approachable lessons on how Email {santiago.pontiroli; roberto.martinez}@ to write fresh pieces of malicious code, all with an eye to the kaspersky.com most desirable feature of all: avoiding anti-virus detection for as long as possible. Intended to compete directly with Oracle’s JAVA platform, the .NET framework provided not only a ABSTRACT comprehensive library of built-in functions but also an accompanying development environment capable of With the ubiquitous adoption of Microsoft’s .NET and supporting several high-level programming languages PowerShell frameworks, an ever increasing number of including Microsoft’s soon-to-be-fl agship C# and the evolution software development and IT ninjas are joining a nascent of Visual Basic, dubbed VB .NET. tradition of professionals leveraging these powerful environments for added effi cacy in their everyday jobs. With a Available by default in most Windows installations, the .NET wide array of libraries and cmdlets at their fi ngertips, the need framework has become the de facto standard for software to reinvent the wheel is long forgotten. development in Microsoft’s family of operating systems. Of course, malware writers are not far behind – they too have Moreover, with the 2006 addition of the increasingly powerful seen the light and are eager to use these convenient tools against PowerShell scripting framework, the interaction between .NET’s us. Whether it’s for everyday ransomware or state-sponsored supported programming languages and scripting automation has targeted campaigns, cybercriminals are now emboldened by a given software developers and system administrators an easy new arsenal that enables them to adapt with ease and agility. way to interface not only with the operating system but nearly Are you ready to defend yourself against this emerging threat? all Microsoft software, ranging from the Offi ce suite to the crown jewel, the SQL Server database engine. It’s time to understand our adversaries’ capabilities. In this paper, we’ll analyse select in-the-wild malware samples, Vast amounts of ready-to-use functionality make the picking apart the inner workings of these dastardly creations. combination of .NET and PowerShell a deadly tool in the hands We’ll introduce the cloaking mechanisms adopted by of cybercriminals. The straightforward value is immediate: cybercriminals, moving beyond managed code in execution developing simple yet effective applications to send spam, brute environments to the devious packers, obfuscators and crypters forcing credentials for virtually any service, or creating the next leveraged in conjunction with these powerful frameworks in global malicious campaign. The added benefi t: PowerShell order to baffl e malware analysts and forensic investigators. being ubiquitously whitelisted due to its importance in everyday Windows system administration and other recurring Knowing is not enough; we must apply. Willing is not enough; management activities makes it harder to prevent attacks that are we must do. With a plethora of post exploitation and lateral reliant on these deeply ingrained operating system components. movement tools created and customized every day in rapid application development environments and high-level With access to a powerful integrated development environment programming languages, defending against this kind of (IDE) such as the newly free Visual Studio, even application pervasive opponent is a full-time job. lifecycle management and rapid application development practices have become easier and are increasingly adopted by THE RISE OF .NET AND POWERSHELL today’s cybercriminals with aspirations of forming part of an organized industry. Clearly defi ned separations between MALWARE programmers, designers, testers, command-and-control server Gone are the days when a programming-savvy malware writer administrators, and everyone involved in cybercriminal would lock him/herself up in a dark basement, looking at a operations translates into maximum effi ciency and, in turn, glaring screen fi lled with assembly code. A challenge to the maximum profi ts. Computer-enabled crime and fraud have status quo has succeeded and now the self-titled cybercrime become a faithful refl ection of their ‘real-life’ counterparts. With industry has become a booming business, with criminals all cybercrime gangs stealing millions of dollars from institutions around the world wanting to jump on the bandwagon and get a (examples include Carbanak and gangs like the recently piece of the action. With a greater availability of high-level apprehended Svpeng), we are witnessing a paradigm shift in programming languages each day, some of which are even computer crime away from the ‘one-man show’ to that of an taught in high-school- and university-level courses thanks to earnest team effort. On the other side of the table, we fi nd their simplicity, lots of curious ‘wannabe criminals’ with cooperation between private security research companies and dubious intentions fi nd themselves surprisingly well equipped law enforcement agencies proving paramount in combating these to reach into the depths of the Internet and pull out examples borderless threats. The evolution in the complexity and quantity of source code and step-by-step tutorials to create their next of .NET and PowerShell malware is becoming a reality, and as malicious campaign. Instead of wanting to showcase their security researchers we need to be ready to fi ght back against technical expertise or intellectual capacity, criminals have these types of threats with the proper tools and knowledge. VIRUS BULLETIN CONFERENCE SEPTEMBER 2015 1 THE TAO OF .NET AND POWERSHELL MALWARE ANALYSIS PONTIROLI & MARTINEZ Whereas normal PE samples are better analysed using a embedded device use. A reduced version of the framework, debugger such as Olly or a disassembler such as IDA Pro, .NET Compact Framework, is available on Windows CE understanding .NET malware samples requires a specifi c set platforms, including Windows Mobile devices such as of tools that will make the malware analyst’s life much smartphones. Additionally, .NET Micro Framework is easier. The availability of free and open-source decompilers targeted at severely resource-constrained devices. and a plethora of tools to help in our analysis tasks means Amidst the number of open-sourced .NET related projects, that not only can cybercriminals benefi t from the use of we can fi nd the compiler platform code-named ‘Roslyn’, high-level programming languages, but we can benefi t as which provides open-source C# and Visual Basic compilers well. As with any endeavour, building the right toolset with rich code analysis APIs. Moreover, the .NET Core means getting prebuilt tools but also being ready to develop platform is made up of several components, including the our own when needed. What better than to fi ght fi re with aforementioned managed compilers, the runtime, the BCL fi re, by using Visual Studio, PowerShell and C# in our daily and the application model, such as ASP.NET. The majority of fi ght against malware? Integrating PowerShell with several .NET Core platform projects typically use either the MIT or .NET libraries and DLLs from currently available Apache 2 code licences. Some projects license their decompilers such as ILSpy will allow any analyst to create a documentation and other forms of content under Creative standardized process that fi ts his needs, enabling quick Commons Attribution 4.0. determination both of the sample’s behaviour and whether it warrants further research. The Mono Project is a software platform designed to allow To understand the differences in the analysis of .NET developers to easily create cross-platform applications assemblies we’ll need fi rst to briefl y review how the (Figure 1). It is an open-source implementation of Microsoft’s framework works and how a .NET PE is built. We have .NET Framework based on the ECMA standards for C# and already seen that cybercriminals have changed their habits to the Common Language Runtime. Along with the adopt new malware development practices, and as defendants implementation of the CLR we can also fi nd a cross-platform we should adapt our analysis environments too in order to IDE named MonoDevelop, making a perfect companionship counteract this evolving threat in an effi cient manner. for cross-platform .NET developers. As of Windows XP SP2 (and Windows 2003 server editions), .NET FRAMEWORK INTERNALS the .NET Framework is included by default in Microsoft operating systems. The inclusion of version 2.0 in Windows It was within Microsoft’s original plans to build the .NET XP SP2 paved the way for the availability of newer versions Framework with the ambitious goal of providing developers a in editions of Windows to follow. Windows Vista already single platform on which they could build all kinds of included versions 2.0 and 3.0, nearly reaching the ever applications. In theory, this revolutionary framework was to popular Windows 7, which included version 3.5.1 of the .NET be supported by a wide range of operating systems outside the Framework (in addition to previous framework versions with Microsoft ecosystem, having an ECMA specifi cation in place their corresponding service packs). The development path so as to aid the development of open-source implementations suggested by Microsoft is clear; making .NET an essential (e.g.
Recommended publications
  • Ironpython in Action

    Ironpython in Action

    IronPytho IN ACTION Michael J. Foord Christian Muirhead FOREWORD BY JIM HUGUNIN MANNING IronPython in Action Download at Boykma.Com Licensed to Deborah Christiansen <[email protected]> Download at Boykma.Com Licensed to Deborah Christiansen <[email protected]> IronPython in Action MICHAEL J. FOORD CHRISTIAN MUIRHEAD MANNING Greenwich (74° w. long.) Download at Boykma.Com Licensed to Deborah Christiansen <[email protected]> For online information and ordering of this and other Manning books, please visit www.manning.com. The publisher offers discounts on this book when ordered in quantity. For more information, please contact Special Sales Department Manning Publications Co. Sound View Court 3B fax: (609) 877-8256 Greenwich, CT 06830 email: [email protected] ©2009 by Manning Publications Co. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by means electronic, mechanical, photocopying, or otherwise, without prior written permission of the publisher. Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in the book, and Manning Publications was aware of a trademark claim, the designations have been printed in initial caps or all caps. Recognizing the importance of preserving what has been written, it is Manning’s policy to have the books we publish printed on acid-free paper, and we exert our best efforts to that end. Recognizing also our responsibility to conserve the resources of our planet, Manning books are printed on paper that is at least 15% recycled and processed without the use of elemental chlorine.
  • Safety Properties Liveness Properties

    Safety Properties Liveness Properties

    Computer security Goal: prevent bad things from happening PLDI’06 Tutorial T1: Clients not paying for services Enforcing and Expressing Security Critical service unavailable with Programming Languages Confidential information leaked Important information damaged System used to violate laws (e.g., copyright) Andrew Myers Conventional security mechanisms aren’t Cornell University up to the challenge http://www.cs.cornell.edu/andru PLDI Tutorial: Enforcing and Expressing Security with Programming Languages - Andrew Myers 2 Harder & more important Language-based security In the ’70s, computing systems were isolated. Conventional security: program is black box software updates done infrequently by an experienced Encryption administrator. Firewalls you trusted the (few) programs you ran. System calls/privileged mode physical access was required. Process-level privilege and permissions-based access control crashes and outages didn’t cost billions. The Internet has changed all of this. Prevents addressing important security issues: Downloaded and mobile code we depend upon the infrastructure for everyday services you have no idea what programs do. Buffer overruns and other safety problems software is constantly updated – sometimes without your knowledge Extensible systems or consent. Application-level security policies a hacker in the Philippines is as close as your neighbor. System-level security validation everything is executable (e.g., web pages, email). Languages and compilers to the rescue! PLDI Tutorial: Enforcing
  • Opening Presentation

    Opening Presentation

    Mono Meeting. Miguel de Icaza [email protected] October 24, 2006 Mono, Novell and the Community. Mono would not exist without the community: • Individual contributors. • Companies using Mono. • Organizations using Mono. • Companies using parts of Mono. • Google Summer of Code. Introductions. 2 Goals of the Meeting. A chance to meet. • Most of the Novell/Mono team is here. • Many contributors are here. • Various breaks to talk. Talk to others! • Introduce yourself, ask questions. Talk to us! • Frank Rego, Mono's Product Manager is here. • Tell us what you need in Mono. • Tell us about how you use Mono. 3 Project Status Goals Originally: • Improve our development platform on Linux. As the community grew: • Expand to support Microsoft APIs. As Mono got more complete: • Provide a complete cross platform runtime. • Allow Windows developers to port to Linux. 5 Mono Stacks and Goals. MySMQySQLL//PPosstgtrgesrsess EvEovolluutitioonn# # ASP.NET Novell APIs: MMoozzillala Novell iFolder iFolder, LDAP, Identity ADO.NET ApAapchachee MMonoono DesktoGpTK#: GTK# OpNoevenlOl LfDfAiPce GCneomceil# Windows.Forms JavaJa vCa oCommpaatitbilbitiylity Google APIs Microsoft Compatibility Libraries Mono Libraries Mono Runtime (Implementation of ECMA #335) 6 Platforms, CIL, Code Generation. 7 API space Mono 1.0: July 2004 “T-Bone” Mono 1.2: November 2006 “Rump steak” Mono 1.2 bits. Reliability and C# 2.0, .NET 2.0 scalability: • Complete. • With VM support. • ZenWorks and iFolder • Some 2.0 API support. pushed Mono on the server. • IronPython works. • xsp 1.0: 8 request/second. • xsp 1.2: 250 Debugger: request/second. • x86 and x86-64 debugger. GUI • CLI-only, limited in scenarios (no xsp).
  • Attacker Antics Illustrations of Ingenuity

    Attacker Antics Illustrations of Ingenuity

    ATTACKER ANTICS ILLUSTRATIONS OF INGENUITY Bart Inglot and Vincent Wong FIRST CONFERENCE 2018 2 Bart Inglot ◆ Principal Consultant at Mandiant ◆ Incident Responder ◆ Rock Climber ◆ Globetrotter ▶ From Poland but live in Singapore ▶ Spent 1 year in Brazil and 8 years in the UK ▶ Learning French… poor effort! ◆ Twitter: @bartinglot ©2018 FireEye | Private & Confidential 3 Vincent Wong ◆ Principal Consultant at Mandiant ◆ Incident Responder ◆ Baby Sitter ◆ 3 years in Singapore ◆ Grew up in Australia ©2018 FireEye | Private & Confidential 4 Disclosure Statement “ Case studies and examples are drawn from our experiences and activities working for a variety of customers, and do not represent our work for any one customer or set of customers. In many cases, facts have been changed to obscure the identity of our customers and individuals associated with our customers. ” ©2018 FireEye | Private & Confidential 5 Today’s Tales 1. AV Server Gone Bad 2. Stealing Secrets From An Air-Gapped Network 3. A Backdoor That Uses DNS for C2 4. Hidden Comment That Can Haunt You 5. A Little Known Persistence Technique 6. Securing Corporate Email is Tricky 7. Hiding in Plain Sight 8. Rewriting Import Table 9. Dastardly Diabolical Evil (aka DDE) ©2018 FireEye | Private & Confidential 6 AV SERVER GONE BAD Cobalt Strike, PowerShell & McAfee ePO (1/9) 7 AV Server Gone Bad – Background ◆ Attackers used Cobalt Strike (along with other malware) ◆ Easily recognisable IOCs when recorded by Windows Event Logs ▶ Random service name – also seen with Metasploit ▶ Base64-encoded script, “%COMSPEC%” and “powershell.exe” ▶ Decoding the script yields additional PowerShell script with a base64-encoded GZIP stream that in turn contained a base64-encoded Cobalt Strike “Beacon” payload.
  • Cyclone: a Type-Safe Dialect of C∗

    Cyclone: a Type-Safe Dialect of C∗

    Cyclone: A Type-Safe Dialect of C∗ Dan Grossman Michael Hicks Trevor Jim Greg Morrisett If any bug has achieved celebrity status, it is the • In C, an array of structs will be laid out contigu- buffer overflow. It made front-page news as early ously in memory, which is good for cache locality. as 1987, as the enabler of the Morris worm, the first In Java, the decision of how to lay out an array worm to spread through the Internet. In recent years, of objects is made by the compiler, and probably attacks exploiting buffer overflows have become more has indirections. frequent, and more virulent. This year, for exam- ple, the Witty worm was released to the wild less • C has data types that match hardware data than 48 hours after a buffer overflow vulnerability types and operations. Java abstracts from the was publicly announced; in 45 minutes, it infected hardware (“write once, run anywhere”). the entire world-wide population of 12,000 machines running the vulnerable programs. • C has manual memory management, whereas Notably, buffer overflows are a problem only for the Java has garbage collection. Garbage collec- C and C++ languages—Java and other “safe” lan- tion is safe and convenient, but places little con- guages have built-in protection against them. More- trol over performance in the hands of the pro- over, buffer overflows appear in C programs written grammer, and indeed encourages an allocation- by expert programmers who are security concious— intensive style. programs such as OpenSSH, Kerberos, and the com- In short, C programmers can see the costs of their mercial intrusion detection programs that were the programs simply by looking at them, and they can target of Witty.
  • Powershell Integration with Vmware View 5.0

    Powershell Integration with Vmware View 5.0

    PowerShell Integration with VMware® View™ 5.0 TECHNICAL WHITE PAPER PowerShell Integration with VMware View 5.0 Table of Contents Introduction . 3 VMware View. 3 Windows PowerShell . 3 Architecture . 4 Cmdlet dll. 4 Communication with Broker . 4 VMware View PowerCLI Integration . 5 VMware View PowerCLI Prerequisites . 5 Using VMware View PowerCLI . 5 VMware View PowerCLI cmdlets . 6 vSphere PowerCLI Integration . 7 Examples of VMware View PowerCLI and VMware vSphere PowerCLI Integration . 7 Passing VMs from Get-VM to VMware View PowerCLI cmdlets . 7 Registering a vCenter Server . .. 7 Using Other VMware vSphere Objects . 7 Advanced Usage . 7 Integrating VMware View PowerCLI into Your Own Scripts . 8 Scheduling PowerShell Scripts . 8 Workflow with VMware View PowerCLI and VMware vSphere PowerCLI . 9 Sample Scripts . 10 Add or Remove Datastores in Automatic Pools . 10 Add or Remove Virtual Machines . 11 Inventory Path Manipulation . 15 Poll Pool Usage . 16 Basic Troubleshooting . 18 About the Authors . 18 TECHNICAL WHITE PAPER / 2 PowerShell Integration with VMware View 5.0 Introduction VMware View VMware® View™ is a best-in-class enterprise desktop virtualization platform. VMware View separates the personal desktop environment from the physical system by moving desktops to a datacenter, where users can access them using a client-server computing model. VMware View delivers a rich set of features required for any enterprise deployment by providing a robust platform for hosting virtual desktops from VMware vSphere™. Windows PowerShell Windows PowerShell is Microsoft’s command line shell and scripting language. PowerShell is built on the Microsoft .NET Framework and helps in system administration. By providing full access to COM (Component Object Model) and WMI (Windows Management Instrumentation), PowerShell enables administrators to perform administrative tasks on both local and remote Windows systems.
  • Cs164: Introduction to Programming Languages and Compilers

    Cs164: Introduction to Programming Languages and Compilers

    Lecture 19 Flow Analysis flow analysis in prolog; applications of flow analysis Ras Bodik Hack Your Language! CS164: Introduction to Programming Ali and Mangpo Languages and Compilers, Spring 2013 UC Berkeley 1 Today Static program analysis what it computes and how are its results used Points-to analysis analysis for understanding flow of pointer values Andersen’s algorithm approximation of programs: how and why Andersen’s algorithm in Prolog points-to analysis expressed via just four deduction rules Andersen’s algorithm via CYK parsing (optional) expressed as CYK parsing of a graph representing the pgm Static Analysis of Programs definition and motivation 3 Static program analysis Computes program properties used by a range of clients: compiler optimizers, static debuggers, security audit tools, IDEs, … Static analysis == at compile time – that is, prior to seeing the actual input ==> analysis answer must be correct for all possible inputs Sample program properties: does variable x has a constant value (for all inputs)? does foo() return a table (whenever called, on all inputs)? 4 Client 1: Program Optimization Optimize program by finding constant subexpressions Ex: replace x[i] with x[1] if we know that i is always 1. This optimizations saves the address computation. This analysis is called constant propagation i = 2 … i = i+2 … if (…) { …} … x[i] = x[i-1] 5 Client 2: Find security vulnerabilities One specific analysis: find broken sanitization In a web server program, as whether a value can flow from POST (untrusted source) to the SQL interpreter (trusted sink) without passing through the cgi.escape() sanitizer? This is taint analysis.
  • Run-Commands-Windows-10.Pdf

    Run-Commands-Windows-10.Pdf

    Run Commands Windows 10 by Bettertechtips.com Command Action Command Action documents Open Documents Folder devicepairingwizard Device Pairing Wizard videos Open Videos Folder msdt Diagnostics Troubleshooting Wizard downloads Open Downloads Folder tabcal Digitizer Calibration Tool favorites Open Favorites Folder dxdiag DirectX Diagnostic Tool recent Open Recent Folder cleanmgr Disk Cleanup pictures Open Pictures Folder dfrgui Optimie Drive devicepairingwizard Add a new Device diskmgmt.msc Disk Management winver About Windows dialog dpiscaling Display Setting hdwwiz Add Hardware Wizard dccw Display Color Calibration netplwiz User Accounts verifier Driver Verifier Manager azman.msc Authorization Manager utilman Ease of Access Center sdclt Backup and Restore rekeywiz Encryption File System Wizard fsquirt fsquirt eventvwr.msc Event Viewer calc Calculator fxscover Fax Cover Page Editor certmgr.msc Certificates sigverif File Signature Verification systempropertiesperformance Performance Options joy.cpl Game Controllers printui Printer User Interface iexpress IExpress Wizard charmap Character Map iexplore Internet Explorer cttune ClearType text Tuner inetcpl.cpl Internet Properties colorcpl Color Management iscsicpl iSCSI Initiator Configuration Tool cmd Command Prompt lpksetup Language Pack Installer comexp.msc Component Services gpedit.msc Local Group Policy Editor compmgmt.msc Computer Management secpol.msc Local Security Policy: displayswitch Connect to a Projector lusrmgr.msc Local Users and Groups control Control Panel magnify Magnifier
  • Design and Implementation of Generics for the .NET Common Language Runtime

    Design and Implementation of Generics for the .NET Common Language Runtime

    Design and Implementation of Generics for the .NET Common Language Runtime Andrew Kennedy Don Syme Microsoft Research, Cambridge, U.K. fakeÒÒ¸d×ÝÑeg@ÑicÖÓ×ÓfغcÓÑ Abstract cally through an interface definition language, or IDL) that is nec- essary for language interoperation. The Microsoft .NET Common Language Runtime provides a This paper describes the design and implementation of support shared type system, intermediate language and dynamic execution for parametric polymorphism in the CLR. In its initial release, the environment for the implementation and inter-operation of multiple CLR has no support for polymorphism, an omission shared by the source languages. In this paper we extend it with direct support for JVM. Of course, it is always possible to “compile away” polymor- parametric polymorphism (also known as generics), describing the phism by translation, as has been demonstrated in a number of ex- design through examples written in an extended version of the C# tensions to Java [14, 4, 6, 13, 2, 16] that require no change to the programming language, and explaining aspects of implementation JVM, and in compilers for polymorphic languages that target the by reference to a prototype extension to the runtime. JVM or CLR (MLj [3], Haskell, Eiffel, Mercury). However, such Our design is very expressive, supporting parameterized types, systems inevitably suffer drawbacks of some kind, whether through polymorphic static, instance and virtual methods, “F-bounded” source language restrictions (disallowing primitive type instanti- type parameters, instantiation at pointer and value types, polymor- ations to enable a simple erasure-based translation, as in GJ and phic recursion, and exact run-time types.
  • Microsoft Patches Were Evaluated up to and Including CVE-2020-1587

    Microsoft Patches Were Evaluated up to and Including CVE-2020-1587

    Honeywell Commercial Security 2700 Blankenbaker Pkwy, Suite 150 Louisville, KY 40299 Phone: 1-502-297-5700 Phone: 1-800-323-4576 Fax: 1-502-666-7021 https://www.security.honeywell.com The purpose of this document is to identify the patches that have been delivered by Microsoft® which have been tested against Pro-Watch. All the below listed patches have been tested against the current shipping version of Pro-Watch with no adverse effects being observed. Microsoft Patches were evaluated up to and including CVE-2020-1587. Patches not listed below are not applicable to a Pro-Watch system. 2020 – Microsoft® Patches Tested with Pro-Watch CVE-2020-1587 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability CVE-2020-1584 Windows dnsrslvr.dll Elevation of Privilege Vulnerability CVE-2020-1579 Windows Function Discovery SSDP Provider Elevation of Privilege Vulnerability CVE-2020-1578 Windows Kernel Information Disclosure Vulnerability CVE-2020-1577 DirectWrite Information Disclosure Vulnerability CVE-2020-1570 Scripting Engine Memory Corruption Vulnerability CVE-2020-1569 Microsoft Edge Memory Corruption Vulnerability CVE-2020-1568 Microsoft Edge PDF Remote Code Execution Vulnerability CVE-2020-1567 MSHTML Engine Remote Code Execution Vulnerability CVE-2020-1566 Windows Kernel Elevation of Privilege Vulnerability CVE-2020-1565 Windows Elevation of Privilege Vulnerability CVE-2020-1564 Jet Database Engine Remote Code Execution Vulnerability CVE-2020-1562 Microsoft Graphics Components Remote Code Execution Vulnerability
  • Salesforce CLI Plug-In Developer Guide

    Salesforce CLI Plug-In Developer Guide

    Salesforce CLI Plug-In Developer Guide Salesforce, Winter ’22 @salesforcedocs Last updated: July 21, 2021 © Copyright 2000–2021 salesforce.com, inc. All rights reserved. Salesforce is a registered trademark of salesforce.com, inc., as are other names and marks. Other marks appearing herein may be trademarks of their respective owners. CONTENTS Salesforce CLI Plug-In Developer Guide . 1 Salesforce CLI Plug-Ins . 1 Salesforce CLI Architecture . 3 Get Started with Salesforce CLI Plug-In Generation . 5 Naming and Messages for Salesforce CLI Plug-Ins . 7 Customize Your Salesforce CLI Plug-In . 13 Test Your Salesforce CLI Plug-In . 32 Debug Your Salesforce CLI Plug-In . 33 Best Practices for Salesforce CLI Plug-In Development . 33 Resources for Salesforce CLI Plug-In Development . 35 SALESFORCE CLI PLUG-IN DEVELOPER GUIDE Discover how to develop your own plug-ins for Salesforce CLI. Explore the Salesforce CLI architecture. Learn how to generate a plug-in using Salesforce Plug-In Generator, use Salesforce’s libraries to add functionality to your plug-in, and debug issues. Learn about our suggested style guidelines for naming and messages and our recommended best practices for plug-ins. Salesforce CLI Plug-Ins A plug-in adds functionality to Salesforce CLI. Some plug-ins are provided by Salesforce and are installed by default when you install the CLI. Some plug-ins, built by Salesforce and others, you install. When you have a requirement that an existing plug-in doesn’t meet, you can build your own using Node.js. Salesforce CLI Architecture Before you get started with adding functionality to Salesforce CLI, let’s take a high-level look at how the CLI and its dependencies and plug-ins work together.
  • NET Framework

    NET Framework

    Advanced Windows Programming .NET Framework based on: A. Troelsen, Pro C# 2005 and .NET 2.0 Platform, 3rd Ed., 2005, Apress J. Richter, Applied .NET Frameworks Programming, 2002, MS Press D. Watkins et al., Programming in the .NET Environment, 2002, Addison Wesley T. Thai, H. Lam, .NET Framework Essentials, 2001, O’Reilly D. Beyer, C# COM+ Programming, M&T Books, 2001, chapter 1 Krzysztof Mossakowski Faculty of Mathematics and Information Science http://www.mini.pw.edu.pl/~mossakow Advanced Windows Programming .NET Framework - 2 Contents The most important features of .NET Assemblies Metadata Common Type System Common Intermediate Language Common Language Runtime Deploying .NET Runtime Garbage Collection Serialization Krzysztof Mossakowski Faculty of Mathematics and Information Science http://www.mini.pw.edu.pl/~mossakow Advanced Windows Programming .NET Framework - 3 .NET Benefits In comparison with previous Microsoft’s technologies: Consistent programming model – common OO programming model Simplified programming model – no error codes, GUIDs, IUnknown, etc. Run once, run always – no "DLL hell" Simplified deployment – easy to use installation projects Wide platform reach Programming language integration Simplified code reuse Automatic memory management (garbage collection) Type-safe verification Rich debugging support – CLR debugging, language independent Consistent method failure paradigm – exceptions Security – code access security Interoperability – using existing COM components, calling Win32 functions Krzysztof