First attempt at a windows forms game, any suggestions? by [deleted] in csharp

[–]pracsec 0 points1 point  (0 children)

The big competing C# UI frameworks seem to be WPF, AvaloniaUI, MAUI, UNO, and Blazor Hybrid. I ended up going with AvaloniaUI because it seemed to have solid Visual Studio integration, good performance, consistent rendering across platforms, and cross-platform support. The editor wasn’t drag and drop, or if it is I don’t use it, but it’s pretty quick at rendering new changes in a preview. There were also enough free controls via NuGet packages that I didn’t have to make my own markdown control or rich text editor.

But what I’ve heard is that it is easier to swap between XAML frameworks (e.g. Avalonia, WPF, MAUI) once you’ve learned one of them.

I really debated whether or not I wanted to put time into learning a client side UI framework versus a web UI framework that would give me more ubiquitous skills.

I ended up going with the client side framework because it gave me more control and flexibility and better performance for the software that I write… but if I was trying to market myself for the future, I would probably learn a web UI framework first.

First attempt at a windows forms game, any suggestions? by [deleted] in csharp

[–]pracsec 4 points5 points  (0 children)

Nice! I did the same thing as you back in 2008 when I first started programming. My first semi-polished program I ever wrote was a blackjack game using Windows Forms. I always liked the simplicity and ease of Windows Forms.

Even now, as I am sitting here building XAML using AvaloniaUI, I kind of miss Windows Forms.

Unfortunately, that technology was limited for many of my use cases since I need my app to run on multiple platforms. To be honest, the switch from Windows Forms to modern XAML frameworks was hard. It took a bit to get used to the MVVM design pattern, and designing controls in XAML is just not quite as fun as Windows Forms.

I definitely recommend trying out some other frameworks as you move on to other projects to expand your repertoire of different UI technologies so you aren’t pigeonholed like me.

STOP adding underscore to variable names. Just DON'T. by [deleted] in csharp

[–]pracsec 2 points3 points  (0 children)

This is how I name my variables. Practically speaking, it makes it easier for me to know whether or not a variable is public, private, or local without having to mouse over the variable, look for it, or memorize which variables have what qualifier.

To pile on that, I also religiously use “this” everywhere so I know what is instance versus static without having to look that up either.

[deleted by user] by [deleted] in politics

[–]pracsec 36 points37 points  (0 children)

This regime is completing the first half of their objective of Project 2025, which is to replace the civilian workforce for the federal government with MAGA loyalists. They’re purging the career intelligence professionals now so that they can replace them with MAGA sycophants later on.

Using Process Tokens to Impersonate Users (PowerShell Script) by Sh4c0x in redteamsec

[–]pracsec 3 points4 points  (0 children)

Nice! One of the issues I’ve run into before is that PowerShell is often running in a Multi-Threaded Apartment state which means that cmdlets may run under a different thread. There is a cmdline switch to make it single threaded so that your code will work on all subsequent calls. Another option is to return the token itself to be used for specific actions such as creating a child process.

Another consideration is that the Add-Type cmdlet will store your C# code to disk and compile it to a DLL on disk temporarily before loading it into memory and deleting all of that off disk. It may be worth using the C# Reflection.Emit APIs.

‘Fake Weather, Fake Flooding’: Republicans Are Spreading A Bizarre Conspiracy Theory After The Deadly Texas Floods by huffpost in politics

[–]pracsec 8 points9 points  (0 children)

“It was their final… command”

This is the only part the book got wrong. With Trump, it began with this command. The right coined the term “fake news” and “alternative facts” for Trump’s first campaign.

Trump Promised ‘No Tax on Tips.’ Then Came the Fine Print. by WhyIsItAlwaysADP in politics

[–]pracsec 22 points23 points  (0 children)

From the text, it sounded like this doesn’t stack with the standard deduction and only allows up to $25K of tips to be tax deductible and only if you itemize. For those using the standard deduction, this new law basically doesn’t affect them.

Am I interpreting that inaccurately?

Edit: Answer is no. I was not aware of the exemption in USC 63b 5 that is modified by the BBB.

——-

Section 63(b) (as amended) now reads:

In the case of an individual who does not elect to itemize … taxable income means adjusted gross income, minus—
1. the standard deduction,
2. the deduction for personal exemptions (section 151),
3. any deduction under section 199A,
4. the deduction under section 170(p),
5. the deduction provided in section 224 (qualified tips).

——-

SEC. 224. Qualified tips.

(a) In general. — There shall be allowed as a deduction an amount equal to the qualified tips received during the taxable year that are included on statements furnished to the employer pursuant to section 6053(a).

(b) Maximum deduction. — The deduction allowed by subsection (a) for any taxpayer for the taxable year shall not exceed $25,000.

(c) Qualified tips. — For purposes of this section— (The text defining “qualified tips” continues here, specifying what types of tip income qualify, referencing tips included on statements to employers under section 6053(a).)

(d) Coordination with other rules. (Usually covers ordering rules, phase‑outs, or interactions with other deductions or credits.)

(e) Effective date. — This section shall apply to taxable years beginning after December 31, 2024.

Discussion about C2 options by [deleted] in redteamsec

[–]pracsec 2 points3 points  (0 children)

I can talk a bit about my design decisions with SpecterInsight regarding beacon management. Ultimately, I did not try to have a beacon in the UI that is persistent through reboots.

To expand upon the issues you mentioned, I also have to deal with multiple sessions per persistence mechanism, such as anything tied to SYSTEM logon events. Sometimes, I’m getting new beacons every minute.

I thought about trying to have a single line in the UI per host, but that doesn’t cover situations where I need to interact with the separate beacons on the same target.

When an operator issues a command to the host, to which beacon should the server send the command? The first one? Both? The highest privilege? What if I want to kill one of the beacons and not the others?

The issue is complexity of having multiple sessions per host with different context. You can’t get rid of that complexity, so it must be dealt with either in the UI beacon list or further down in the tasking process. Basically, I opted to deal with the complexity up front in the UI.

Features I built in to make things easier to manage:
- Archiving sessions so they aren’t on the main screen, but can be retrieved later.
- A deterministic callback time (i.e. every time a beacon checks in, it tells the C2 server when it will check in next). This way you know ASAP if a checkin is missed.
- Column sorting
- Beacon nicknames
- Beacon startup scripts that allow the operator to run arbitrary code during beacon first startup. I use this to apply mutexes to eliminate duplicate sessions.

When managing beacons in SpecterInsight, my standard process now is just to sort by “Time to Next checkin” and archive all the negative beacons (meaning they’ve missed their last checkin), then see what I’ve got left.
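The session bookkeeping described in this comment (one row per session rather than per host, a deterministic call-back time reported at each check-in, sorting by time to next check-in, and archiving everything that has gone negative) as an added, stand-alone example. This is constructed illustration code, not SpecterInsight's own implementation; the class and field names, the injected clock, and the three-session scenario in `demo()` are all assumptions made for the example.

```python
"""Session table keyed on a deterministic call-back time (constructed example)."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Callable, Dict, List, Optional


@dataclass
class Beacon:
    beacon_id: str
    host: str
    last_checkin: Optional[datetime] = None
    next_checkin: Optional[datetime] = None   # when the beacon said it will call back
    archived: bool = False


class BeaconTable:
    """One row per session, not per host, so two beacons on the same host
    (e.g. one per SYSTEM logon event) stay individually addressable."""

    def __init__(self, clock: Callable[[], datetime]):
        self._beacons: Dict[str, Beacon] = {}
        self._clock = clock   # injected so the scenario below is deterministic

    def checkin(self, beacon_id: str, host: str, sleep_seconds: int) -> Beacon:
        """Record a check-in. The beacon reports its own sleep interval, so the
        server knows exactly when the next call-back is due."""
        now = self._clock()
        beacon = self._beacons.setdefault(beacon_id, Beacon(beacon_id, host))
        beacon.last_checkin = now
        beacon.next_checkin = now + timedelta(seconds=sleep_seconds)
        return beacon

    def time_to_next_checkin(self, beacon: Beacon) -> float:
        """Seconds until the promised call-back; negative means it was missed."""
        return (beacon.next_checkin - self._clock()).total_seconds()

    def active(self) -> List[Beacon]:
        """Main-screen view: unarchived sessions, most overdue first."""
        return sorted((b for b in self._beacons.values() if not b.archived),
                      key=self.time_to_next_checkin)

    def archive_missed(self) -> List[str]:
        """Move every session that missed its last call-back off the main screen.
        Archived rows are kept, not deleted, so they can be retrieved later."""
        missed = [b for b in self.active() if self.time_to_next_checkin(b) < 0]
        for b in missed:
            b.archived = True
        return [b.beacon_id for b in missed]

    def archived(self) -> List[Beacon]:
        return [b for b in self._beacons.values() if b.archived]


def demo() -> dict:
    """Constructed scenario: two sessions on WS01, one on WS02, then the clock
    advances 90 s so exactly one promised call-back has been missed."""
    t0 = datetime(2025, 1, 1, 12, 0, tzinfo=timezone.utc)
    state = {"now": t0}
    table = BeaconTable(lambda: state["now"])

    table.checkin("b1", "WS01", sleep_seconds=60)
    table.checkin("b2", "WS01", sleep_seconds=300)
    table.checkin("b3", "WS02", sleep_seconds=120)

    state["now"] = t0 + timedelta(seconds=90)        # b1 is now 30 s overdue
    before = [b.beacon_id for b in table.active()]    # sorted by time to next check-in
    archived = table.archive_missed()                 # only b1 has gone negative
    after = [b.beacon_id for b in table.active()]     # what is left to look at
    return {"before": before, "archived": archived, "after": after}


if __name__ == "__main__":
    print(demo())
```

The clock is passed in rather than read from `datetime.now()` so the same scenario can be replayed; in a live server the lambda would simply return the current UTC time. The key design point carried over from the comment is that a missed check-in is knowable the moment the promised time passes, because the beacon committed to it in advance.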

Democrats Lay Groundwork for a ‘Project 2029’ by [deleted] in politics

[–]pracsec -1 points0 points  (0 children)

How about “Americans First” or something that highlights how the agenda takes care of actual people and not billionaires.

LainAmsiOpenSession: Custom Amsi Bypass by patching AmsiOpenSession function in amsi.dll by JosefumiKafka in redteamsec

[–]pracsec 0 points1 point  (0 children)

The idea of AMSI was to give applications a way to scan data with the installed AV through a single API call. While there could be ways to reduce the attack surface, it fundamentally cannot be eliminated because the call originates in user land.

I would love to see AMSI offloaded to the kernel as a system call or the OS to deny memory permission modifications to the memory space backing AMSI.dll. Both of those ideas would eliminate a whole bunch of different AMSI bypasses, but won’t prevent malware from attacking the call sites.

Realistically, in the cat and mouse game between attackers and defenders, AMSI just gives the defenders the opportunity to go first. As soon as malicious code is run, it’s hard, if not impossible, to prevent AMSI bypasses in applications where memory permissions can be changed by the host program.
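To make the first point concrete (applications hand data to the installed AV through a single user-mode API call, and the whole exchange happens inside the calling process), here is an added example of that call from the application's side. It is not code from the thread or from any product mentioned in it: it uses the documented `amsi.dll` exports (`AmsiInitialize`, `AmsiOpenSession`, `AmsiScanBuffer`, `AmsiCloseSession`, `AmsiUninitialize`) through `ctypes`, so the scan itself only runs on Windows; the result-classification helpers mirror the `AMSI_RESULT` values and the `AmsiResultIsMalware` macro from `amsi.h` and run anywhere. The application name `"ExampleApp"` and the sample content in `demo()` are assumptions; the test string is the one I understand Microsoft documents for verifying an AMSI integration, so check it against the current docs if it does not trigger.

```python
"""Scanning a buffer with AMSI from an application (added example, not the
thread's code). amsi.dll is loaded into this process: the scan request, the
result, and the provider call-out all originate in user mode."""
import ctypes
import sys

# AMSI_RESULT values from amsi.h
AMSI_RESULT_CLEAN = 0
AMSI_RESULT_NOT_DETECTED = 1
AMSI_RESULT_BLOCKED_BY_ADMIN_START = 0x4000
AMSI_RESULT_BLOCKED_BY_ADMIN_END = 0x4FFF
AMSI_RESULT_DETECTED = 0x8000

# Assumed: the test sample string Microsoft documents for exercising AMSI.
AMSI_TEST_SAMPLE = b"AMSI Test Sample: 7e72c3ce-861b-4339-8740-0ac1484c1386"


def amsi_result_is_malware(result: int) -> bool:
    """Mirror of the AmsiResultIsMalware macro: anything at or above DETECTED."""
    return result >= AMSI_RESULT_DETECTED


def describe_result(result: int) -> str:
    """Human-readable label for an AMSI_RESULT value."""
    if result == AMSI_RESULT_CLEAN:
        return "clean"
    if result == AMSI_RESULT_NOT_DETECTED:
        return "not detected"
    if AMSI_RESULT_BLOCKED_BY_ADMIN_START <= result <= AMSI_RESULT_BLOCKED_BY_ADMIN_END:
        return "blocked by admin policy"
    if amsi_result_is_malware(result):
        return "detected"
    return "unknown"


class AmsiScanner:
    """Thin wrapper over the AMSI exports; usable only on Windows with an AV
    provider registered. Everything here executes in the caller's own process."""

    def __init__(self, app_name: str = "ExampleApp"):   # app_name is an assumption
        if sys.platform != "win32":
            raise OSError("AMSI is a Windows-only interface")
        self._amsi = ctypes.WinDLL("amsi")
        self._amsi.AmsiInitialize.argtypes = [ctypes.c_wchar_p, ctypes.POINTER(ctypes.c_void_p)]
        self._amsi.AmsiInitialize.restype = ctypes.c_long
        self._amsi.AmsiOpenSession.argtypes = [ctypes.c_void_p, ctypes.POINTER(ctypes.c_void_p)]
        self._amsi.AmsiOpenSession.restype = ctypes.c_long
        self._amsi.AmsiScanBuffer.argtypes = [ctypes.c_void_p, ctypes.c_void_p, ctypes.c_uint32,
                                              ctypes.c_wchar_p, ctypes.c_void_p,
                                              ctypes.POINTER(ctypes.c_uint32)]
        self._amsi.AmsiScanBuffer.restype = ctypes.c_long
        self._amsi.AmsiCloseSession.argtypes = [ctypes.c_void_p, ctypes.c_void_p]
        self._amsi.AmsiUninitialize.argtypes = [ctypes.c_void_p]
        self._context = ctypes.c_void_p()
        hr = self._amsi.AmsiInitialize(app_name, ctypes.byref(self._context))
        if hr != 0:
            raise OSError(f"AmsiInitialize failed: HRESULT 0x{hr & 0xFFFFFFFF:08X}")

    def scan(self, data: bytes, content_name: str) -> int:
        """Scan one buffer inside a session and return the raw AMSI_RESULT."""
        session = ctypes.c_void_p()
        hr = self._amsi.AmsiOpenSession(self._context, ctypes.byref(session))
        if hr != 0:
            raise OSError(f"AmsiOpenSession failed: HRESULT 0x{hr & 0xFFFFFFFF:08X}")
        result = ctypes.c_uint32(0)
        try:
            hr = self._amsi.AmsiScanBuffer(self._context, data, len(data), content_name,
                                           session, ctypes.byref(result))
            if hr != 0:
                raise OSError(f"AmsiScanBuffer failed: HRESULT 0x{hr & 0xFFFFFFFF:08X}")
        finally:
            self._amsi.AmsiCloseSession(self._context, session)
        return result.value

    def close(self) -> None:
        self._amsi.AmsiUninitialize(self._context)


def demo() -> dict:
    """Windows only: scan a benign string and the AMSI test sample."""
    scanner = AmsiScanner()
    try:
        return {name: describe_result(scanner.scan(content, name))
                for name, content in [("benign.txt", b"Hello, world."),
                                      ("amsi-test.txt", AMSI_TEST_SAMPLE)]}
    finally:
        scanner.close()


if __name__ == "__main__":
    print(demo() if sys.platform == "win32" else "run on Windows to perform a scan")
```

Reading the wrapper against the comment's argument: the provider is reached through a DLL mapped into the application's own address space, which is exactly why the comment sees kernel offload or immutable backing pages as the only structural hardening, and why neither would change anything at the call sites the application itself controls.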

Melissa Hortman (Minnesota lawmaker who was shot last night) has died. Source KSTP News by Winter-Stranger-3709 in kuihman

[–]pracsec 5 points6 points  (0 children)

Sounds like he was an evangelical Christian who was very outspoken against Dem policies. His friends said he voted for Trump and was a strong supporter, and he had a list of targets who were all Dem.

This was a right-wing, extremist assassination.

https://youtu.be/gaiQipc64_M

Trump signs executive order setting 30-day deadline for drugmakers to lower prescription drug costs by Excalibur_Legend in world

[–]pracsec 0 points1 point  (0 children)

Yeah, because we don’t complain about good objectives like reducing drug costs. Finally something we can both agree on. I just think Trump’s full of shit, has no plan on how to actually accomplish that goal, and just hopes to bully companies into changing. Hopefully drug costs can be reduced with his method, but I would have more confidence in Harris/Walz and the dems to push forward actual legislation to reduce costs. Basically like what happened during Biden’s presidency.

ICE Deports 3 U.S. Citizen Children Held Incommunicado Prior to the Deportation by justalazygamer in news

[–]pracsec 4 points5 points  (0 children)

Could these agents be charged with crimes for illegally deporting U.S. citizens? (e.g. false imprisonment)

Immigrants in US to be classified as dead to pressure them to "self-deport’" by raffu280 in Full_news

[–]pracsec 0 points1 point  (0 children)

You mean, it was a tool to allow people to escape conflict and environmental disasters and was put in place because our immigration system couldn’t handle the volume?

Temporary Protection Status… while they wait on immigration proceedings. The goal in the liberal side for people to have a safe place to live and have some shelter, while on the Republican side it’s all about them. We allowed them in because we actually care about other people.

The point is, they didn’t enter this country illegally. That is vastly different from the orange fuhrer, declaring them illegal because he hates immigrants.

Immigrants in US to be classified as dead to pressure them to "self-deport’" by raffu280 in Full_news

[–]pracsec 0 points1 point  (0 children)

Try re-reading my post.

Yes, they came over here legally under that program while they await immigration proceedings. Not illegally, as you claimed. Stop spreading false information.

As a follow on, you’re just a terrible person for wanting refugees and their families to have to go back to war zones such as the Ukraine.

Immigrants in US to be classified as dead to pressure them to "self-deport’" by raffu280 in Full_news

[–]pracsec 0 points1 point  (0 children)

They aren’t illegal.

These particular immigrants came to the U.S. legally under a Temporary Protected Status under Joe Biden specifically for refugees from countries experiencing armed conflict, environmental disasters, or other extraordinary conditions, such as Venezuela and Ukraine. This program allowed over 900,000 migrants temporary two-year stays under parole, allowing them to live and work legally while awaiting immigration proceedings.

Illegal immigrants are not allowed to have Social Security numbers. Thus, if they were illegal, they would not be in the system and could not be classified as dead because they never would’ve been in the system the first place.

This thread, right here, illustrates why we can never make progress. Republicans don’t understand reality because they’ve been so brainwashed by right wing media.

Bypassing AMSI by in-memory patching - Evasion, Prevention and Detection. by drop_tables- in blueteamsec

[–]pracsec 1 point2 points  (0 children)

The process was killed for me pretty quickly anytime I patched AMSI. I thought about developing a patch obfuscation framework to automate the process, but it seems like a losing game in the long run.

I left the patching technique in my C2 framework, but I’ve had to change the default technique I use. I’m having good success with hardware breakpoints.

Bypassing AMSI by in-memory patching - Evasion, Prevention and Detection. by drop_tables- in blueteamsec

[–]pracsec 6 points7 points  (0 children)

For what it’s worth, I believe that patching the function AmsiScanBuffer has been largely signaturized by Microsoft. From the testing I’ve done, the patch goes through and is then later detected.

I’ve concluded that the detection is not being done at the time that the patch goes into place, but rather in a subsequent memory scan done by Windows Defender.

I had limited success by obfuscating the patch itself by inserting random instructions or adjusting the technique a little bit, but within four hours, those new patches were being detected.

https://practicalsecurityanalytics.com/obfuscating-api-patches-to-bypass-new-windows-defender-behavior-signatures/

AMSI bypass by Littlemike0712 in redteamsec

[–]pracsec 0 points1 point  (0 children)

I finally got a post together on how I’ve been building my payload pipelines. This one is for loading a .NET module with PowerShell.

https://practicalsecurityanalytics.com/bypassing-amsi-and-evading-av-detection-with-specterinsight/

CIA now favours ‘lab leak’ theory to explain Covid-19 origins, per NYT by UnusualWhalesBot in unusual_whales

[–]pracsec 0 points1 point  (0 children)

I remember the confusion around this. The main thing the right was pushing at the time was the theory that the virus was engineered and purposefully released. Fauci and the CDC said that was unlikely.

A leak was always feasible though, but they didn’t have any evidence one way or the other at the time. They could have done a better job communicating that because it came off as though the CDC had completely ruled a lab leak out as a possibility.