Table of Contents
- Acknowledgements, bounties, citations, credits, kudos, references, rewards and thanks
- Advisories, (some) comments and disclosures posted on security mailing lists
- Application Verifier Provider
- Command Line Logger
- CPUID Enumerator and Decoder
- cURL binary executables for Windows® NT
- Custom AutoPlay Handler
- CVE Identifiers
- Demonstration of
- DLL Minesweeper – not just a game for software developers, (penetration) testers and administrators only
- EICAR standard anti-virus test file
- Executable installers considered harmful
- Exploits for MS15-132
- Gimmick of the Day (or Week, Month, Year, …)
- MSDM Product Key Reader
- Meltdown and Spectre Update Check Utility
- Guardian for CWE-428
- HTML Entities, plus many special characters
- Imperfect Forward Secrecy
- Installation of Microsoft® Windows® 7 SP1 with slipstreamed update packages
- Internet Component Download
- mailto: protocol handler for GMail
- Mal(icious soft)ware evading detection
- Minimalist Runtime Library for Microsoft® C Compiler
- Mitigate some Exploits for Windows’® User Account Control
- Named HTML Colors
NoFlash) for Microsoft® Internet Explorer (and Microsoft Office)
- Notification and Disclosure Policy
- Prevent bypass of AppLocker and SAFER alias Software Restriction Policies
- Protection against exploitation of CWE-428
- Self-signed X.509 Certificates
- Skype – or
Redmond, you’ve got a problem!
- SMBIOS Decoder
- Stop malware with Software Restriction Policies alias SAFER
- Terms and Conditions
- Vulnerability and Exploit Detector
- Windows Calendar and Windows Mail for Microsoft® Windows® 7
Note: the german
HTML page is
quite (out)dated and kept for historical reasons!
- Kleinigkeiten (für Windows)
- CER (base-64) encoded
- DER (binary) encoded
Makefiles and Sources
Most of the makefiles (for Microsoft’s
and source files (for Microsoft’s
Visual C compilers) listed below are documented
or referenced in the
Note: the makefiles contain source code as
but also refer to additional (binary) files which need to be
Almost all scripts listed below are documented or referenced in the
Note: some scripts need additional files, be sure
to download them all!
- Batch Scripts
- Registry Scripts
- Policy Files
- Scheduler Task Definition
- Setup Scripts
- Visual Basic Scripts
- Windows Script Host Scripts
- What every Windows developer or administrator must
absolutely and definitively know about
… at least:
- How the NT Loader works
- The NT DLL Loader: basic operation
- The NT DLL loader: dynamic unloads
- The NT DLL Loader: DLL callouts (DllMain) – DLL_PROCESS_ATTACH deadlocks
- The NT DLL Loader: FreeLibrary()
- DLL Preloading Attacks
- MS09-014: Addressing the Safari Carpet Bomb vulnerability
- More information about the DLL Preloading remote attack vector
- An update on the DLL-preloading remote attack vector
- MS14-019 – Fixing a binary hijacking via .cmd or .bat file
- Load Library Safely
- Triaging a DLL planting vulnerability
- Downloads Folder: A Binary Planting Minefield
- Carpet Bombing and Directory Poisoning
- Bypassing Application Whitelisting
- Dynamic-Link Library Security
- Dynamic-Link Library Search Order
- Insecure Library Loading Could Allow Remote Code Execution
- Secure loading of libraries to prevent DLL preloading attacks
- Microsoft Security Advisory: Insecure library loading could allow remote code execution
If you miss anything here, have additions, comments, corrections,
criticism or questions, want to give feedback, hints or tipps,
report broken links, bugs, errors, inaccuracies, omissions,
vulnerabilities or weaknesses, …:
don’t hesitate to
and feel free to ask, comment, criticise, flame, notify or report!
Notes: I dislike
even weirder formats too) in email, I prefer to receive plain text.
I also expect to see a full (real) name as sender, not a nickname!
Emails in weird formats and without a proper sender name are likely
to be discarded.
I abhor top posts and expect inline quotes in replies.
Terms and Conditions
By using this site, you signify your agreement to these terms and
conditions. If you do not agree to these terms and conditions, do
not use this site!
- The software and the documentation on this site are provided
as is without any warranty, neither express nor
In no event will the author be held liable for any damage(s)
arising from the use of the software or the documentation.
- Permission is granted to use the current version
of the software and the current version of the
documentation solely for personal private and non-commercial
An individuals use of the software or the documentation in his or
her capacity or function as an agent, (independent) contractor,
employee, member or officer of a business, corporation or
organization (commercial or non-commercial) does not qualify as
personal private and non-commercial purpose.
- Without written approval from the author the software or the
documentation must not be used for a business, for
commercial, corporate, governmental, military or organizational
purposes of any kind, or in a commercial, corporate, governmental,
military or organizational environment of any kind.
- Redistribution of the software and the documentation is allowed
only in unmodified form of its current version and
free of charge.
Notification and Disclosure Policy
I detect bugs, weaknesses and (security) vulnerabilities in
software quite often and (try to) report them to developers and
- If you are a software developer or vendor but failed to provide an
email address for reporting bugs, weaknesses and/or (security)
vulnerabilities within your software and its documentation or
failed to publish an email address on your web site I usually
disclose the bugs, weaknesses and/or (security) vulnerabilities
- If the email address provided within your software and its
documentation or published on your web site is invalid or reports
sent to this mailbox bounce I usually disclose the bugs, weaknesses
and/or (security) vulnerabilities immediately.
- If you receive a bug, weakness and/or (security) vulnerability
report I expect at least an (immediate)
acknowledgement of receipt and a qualified reply in the course of
- If you don’t acknowledge the receipt or don’t reply
within one week I usually resend the notification once, eventually
with Cc: to
- If you again don’t acknowledge the receipt or don’t
reply within another week I usually disclose the bugs, weaknesses
and/or (security) vulnerabilities then without further notice.
- If you consider a bug, weakness and/or (security) vulnerability I
reported to you not as (security) vulnerability I
usually disclose it immediately.
- If you decline to fix a bug, weakness and/or (security)
vulnerability I reported to you I usually disclose it immediately.
- I expect that you assign or request a
identifier for every security vulnerability I report to you and
notify me when done.
- I usually set a disclosure date 45 days after the initial bug,
weakness and/or (security) vulnerability report.
- If you can’t meet this initial deadline and need more time to
provide a fix or inform your customers I will grant an extension
of the initial deadline if you provide convincing arguments to me.
- If the set deadline expires I usually disclose the bugs, weaknesses
and/or (security) vulnerabilities then without further notice.
- I expect regular progress and/or status updates, especially if you
can’t meet the (initial or extended) deadline.
- If you don’t send progress and/or status updates on your own
I will eventually request them from you.
- If you don’t reply to a progress and/or status update request
within one week I usually disclose the bugs, weaknesses and/or
(security) vulnerabilities then without further notice.
- I usually disclose the bugs, weaknesses and/or (security)
vulnerabilities once you provide a fix or publish a (security)
advisory or bulletin.
Copyright © 1995–2018 • Stefan Kanthak •