Microsoft .NET Framework


7th Brazilian Symposium on Programming Languages
Ouro Preto, MG, Brazil - May 28-30, 2003

Alisson Sol
Software Design Engineer Lead
Microsoft Corporation

Acknowledgements
  • Redmond teams
  • Microsoft Business Solutions
  • Information Worker – New Markets
  • Part I based on presentation by Brad Abrams
  • Microsoft Brasil
  • University Relations
  • Legal
  • Warning
  • Opinions in this presentation do not necessarily represent those of Microsoft Corporation

Summary
  • Part I – .NET Framework Overview
      • Concepts
      • Architecture
      • Features
  • Part II – Application Development
      • Samples
      • Tools
  • Note
      • Some concepts from C# language presented on another lecture
      • Will not explain programming language details

.NET Framework Overview
Microsoft .NET Framework - Part I

Definition
  • Old: .NET is the Microsoft platform for XML Web services.
  • New: .NET is the set of Microsoft technologies for connecting your world of information, people, systems, and devices.
  • .NET is infused into the Microsoft platform providing the ability to build, host, deploy and consume XML Web service connected solutions.

Design Goals
  • Simplified development
  • Unified programming models
  • Web standards and best practices
  • Simple to deploy, run, & maintain

Framework, Languages, And Tools
  [Diagram labels: VB, C++, C#, JScript, …; Common Language Specification; Visual Studio.NET; ASP.NET; Windows Forms; Data and XML; Base Class Library; Common Language Runtime]

CLR Design Goals
  • Dramatically simplify application development
  • Provide a robust and secure execution environment
  • Support multiple programming languages
  • Simplify deployment and management

The .NET Evolution
  [Diagram labels: Application; Code and data structures]
  • Before COM, applications were completely separate entities with little or no integration.
  • COM provides a way for components to integrate. However, each component must provide the “plumbing” and objects cannot directly interact.
  • With the .NET Framework common language runtime, components are built on a common substrate. No “plumbing” is needed and objects can directly interact.

Simplify Development
  • Completely eliminates COM plumbing
  • No more…
      • Registration => self described apps
      • GUIDs => hierarchical namespaces
      • .IDL files => unified object model
      • HRESULTs => structured exceptions
      • IUnknown => common root object
      • AddRef/release => garbage collector
      • CoCreateInstance => “new” operator

Simplify Development
  • Common Type System
  • Common instance and type definition
  • Enables clean OO programming
  • Classes and Interfaces
  • Constructors, Properties, Methods
  • Cross language inheritance

Inheritance
  [Diagram labels: classes Animal, Mammal, Bird; languages C#, Java, VB]

Common Language Runtime
  [Diagram labels: Base Class Library Support; Thread Support; COM Marshaler; Type Checker; Exception Manager; Security Engine; Debug Engine; IL to Native Compilers; Code Manager; Garbage Collector; Class Loader]

Compilation and Execution
  [Diagram labels: Compilation: Source Code, Language Compiler, MSIL Code, Metadata. Execution: JIT Compiler, Native Code (before installation or the first time each method is called)]

Metadata
  • Key to simpler programming model
  • Generated automatically
  • Stored with code in executable file (.dll or .exe)
  • Uses existing COFF format
      • Via existing extension mechanism
  • Stored in binary format
  • Convertible to/from XML Schema
  • Convertible to/from COM type libraries

Metadata: Creation And Use
  [Diagram labels: Source Code; Compiler; Other Compiler; Metadata (and code); Reflection; Serialization (e.g. SOAP); Designers; Debugger; Type Browser; Profiler; Schema Generator; Proxy Generator; XML encoding (WSDL)]

Robust And Secure
  • Automatic lifetime management
      • All .NET objects are garbage collected
      • No stray pointers, no circular references
      • Multi-generational mark-and-compact GC
      • Self configuring, dynamically tuned
  • Exception handling
      • Error handling is a 1st class concept (not bool or HRESULTs)
      • Dramatically improved error reporting
      • Integrated with Windows SEH

Robust And Secure
  • Native code compilation
      • MSIL
      • No interpreter
      • Install-time or run-time IL to native compilation
      • C++ managed extensions
  • Code correctness and type-safety
      • IL can be verified to guarantee type-safety
      • No unsafe casts, no uninitialized variables, no out-of-bounds array indexing
  • Evidence-based security
      • Policy grants permissions based on evidence (signatures, origin)
      • Extensible permissions and policy

Multi-language Platform
  • The freedom to choose language
      • All features of .NET platform available to any .NET programming language
      • Application components can be written in multiple languages
  • Highly leveraged tools
      • Debuggers, profilers, code coverage analyzers, etc. work for all languages

Deployment And Management
  • Assemblies
      • The unit of deployment, versioning, and security
      • Like DLLs, but self-describing through manifest
  • Zero-impact install
      • Applications and components can be shared or private
  • Side-by-side execution
      • Multiple versions of the same component can co-exist, even in the same process

Assemblies
  • Unit of deployment
      • One or more files, independent of packaging
      • Self-describing via manifest
  • Versioning
      • Provided by compiler use of attributes
      • Policy per-application as well as per-machine
  • Security boundary
      • Assemblies are granted permissions
      • Methods can demand proof that a permission has been granted to entire call chain
  • Types named relative to assembly

Seamless Integration
  • Any .NET class can be used as a COM class with zero extra work
  • COM classes can be imported as .NET classes
  • .NET classes utilize COM+ services
      • Transactions
      • Object pooling
      • Etc…
  • DLL entry points
  • C++ managed extensions

Framework, Languages, And Tools
  [Diagram repeated: same labels as the earlier Framework, Languages, And Tools slide]

Framework Design Goals
  • Make it simple to use
  • Factored and extensible
  • Web standards and practices as the foundation
  • Unify application models

Make It Simple
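
The Assemblies slide says that assemblies are granted permissions and that a method can demand proof that a permission has been granted to the entire call chain. The stack walk behind that statement, as an added C# example that is not part of the original slides; it assumes .NET Framework 4.x running as a fully trusted console application, and the class, method and path names are constructed:

```csharp
// Added example, not from the slides. Assumes .NET Framework 4.x and a fully
// trusted console application; all names and both paths are constructed.
using System;
using System.Security;
using System.Security.Permissions;

static class CallChainDemo
{
    // Constructed sample paths. FileIOPermission needs absolute paths, but the
    // files do not have to exist because nothing is opened in this demo.
    const string ReportPath = @"C:\data\report.txt";
    const string OtherPath  = @"C:\other\notes.txt";

    // Library-style method guarding a resource. Demand() walks the stack and
    // throws SecurityException unless every caller frame holds the permission.
    static string ReadReport()
    {
        new FileIOPermission(FileIOPermissionAccess.Read, ReportPath).Demand();
        return "allowed";
    }

    // Calls ReadReport() from a frame limited to 'allowed' (or to nothing when
    // null). PermitOnly stands in for a partially trusted assembly in the chain.
    static string CallRestrictedTo(IPermission allowed)
    {
        var set = new PermissionSet(PermissionState.None);
        if (allowed != null) set.AddPermission(allowed);
        set.PermitOnly();
        try { return ReadReport(); }
        catch (SecurityException) { return "denied (SecurityException)"; }
        finally { CodeAccessPermission.RevertPermitOnly(); }
    }

    static void Main()
    {
        // Every frame is fully trusted, so the demand succeeds.
        Console.WriteLine("fully trusted chain:         " + ReadReport());

        // One frame in the chain holds no permissions, so the demand fails
        // even though ReadReport() itself is fully trusted.
        Console.WriteLine("frame with no permissions:   " + CallRestrictedTo(null));

        // Read access to a different file does not satisfy the demand.
        Console.WriteLine("frame allowed another path:  " + CallRestrictedTo(
            new FileIOPermission(FileIOPermissionAccess.Read, OtherPath)));

        // Read access to the demanded file satisfies it.
        Console.WriteLine("frame allowed the same path: " + CallRestrictedTo(
            new FileIOPermission(FileIOPermissionAccess.Read, ReportPath)));
    }
}
```

Code access security is a .NET Framework feature; these permission APIs are not supported on .NET Core or .NET 5 and later.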