https://github.com/krypted/C-RegistryWriter – This project includes a RegistryKeyManager class that takes care of writing/reading to a registry file. Using a dedicated class makes expanding your registry functionality in the future easier.A DWORD is 4 bytes, so the value for RegistryWriter to send is currently limited to 4 characters (i.e. test1234 is not technically possible with a DWORD).

To use it, simply call the RegistryKeyManager class along with the key to write to and the value to put into the key:

RegistryKeyManager r( "HKEY_CURRENT_USER/Software/x/y", 1234 ); Which would create a key in HKEY_CURRENT_USER/Software/x/y with a DWORD value of 1234.

You could then read the value of and modify the key with calls like:

DWORD currentValue = r.ReadDwordValue(); r.WriteValue(...

Most of my examples for launchctl have been per-user, per-agent, per-daemon. But you can also control multiple launchctl targets concurrently. One example would be that you can unload everything in the user domain by not specifying a path but providing the userid. In the following example, we’ll just use $userid as a variable, but it’s worth noting that that would be, as an example, 501 for the :

sudo launchctl bootout gui/$userid

There’s another option that can be used to do the opposite from within single user mode, called bootshell. Bootshell is called similarly from single user mode:

sudo launchctl bootshell

The post Controlling Multiple launchagents and launchdaemons concurrently appeared first on krypted.com.

In the following, we set a variable called BearerToken using a simple curl to the contents of a bearer token. We do so by running a curl with data in the header for “userid” although sometimes we see this as just “user” or “username” and then a password. This hits an endpoint called authenticationendpoint although sometimes we see that called “auth” or “authenticate” – in this specific case we’re pulling the bearer token out of “id” and it’s nested in there with a name of “token”:
BearerToken=$(curl -s -X POST -H 'Accept: application/json' -H 'Content-Type: application/json' --data '{"userid”:”{userid}”,”password":"{password}"}' https://www.krypted.com/api/authenticationendpoint | sed -E 's/\},\s*\{/\},\n\{/g' File | grep  ‘”id” : “token”’)
Once we have that token we can then pass it into another API via the Authorization header when connecting. In...

Just posted a visual studio 2017 project at https://github.com/krypted/jwttools that includes an .exe file that, when run directly, extracts json out of an encoded jwt (and checks the signature). The encodedString variable in the jwt.cpp is a jwt that is used for extraction:

£include "pch.h" £include £include

£include "jwt/jwt.hpp"

int main() ¨ using namespace jwt::params; std::string encodedString = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImp0aSI6ImY4ZWQ0OTM2LTBlN2ItNDlmYi05YTkxLWM2MDQyZDEzODMzNiIsImlhdCI6MTU1NTUxODk4NSwiZXhwIjoxNTU1NTIyNTg1fQ.rsyE_KzLO99zKXC7TNFD1RkU6HYF2Y7XJuIkFKumt20"; jwt::jwt_object decoded = jwt::decode( encodedString, algorithms(¨ "hs256" ¼), false ); std::cout << decoded.header(); std::cout << decoded.payload(); return 0;

The returned json output is as follows...

Preparing data for tensorflow is often easiest when done as a two step process. In machine learning, you often get into trying to plot points, calculate tangents, and a lot of basic algebra. Working out equations kinda’ reminds me of being in in-school suspension in high school. Except now we’re writing code to solve the problems rather than solving them ourselves.

I never liked solving for a matrix… But NumPy is a great little framework to import that does a lot of N-dimensional array work. A few basic tasks in the following script includes a number of functions across norms, matrix products, vector products, decompose, and eigenvalues. Remove/comment what you don’t need:

import numpy as np
from numpy import linalg as LA
array = [[-1,4,2],[1,-1,3]]
array2 = [[6,2,1],[7,1,-3]]
array = np.asarray(array)
converted = np.fliplr(array)
#ifsquare >> cholesky = LA.cholesky(array)
#ifsquare >> inv = LA.inv(array)...

The iOS Simulator is a great way to test watchOS, tvOS, and iOS apps while you’re writing them. The easiest way to work with the simulator is through Xcode. But you can also use simctl for interacting with it, helpful in automating QA operations when possible. The simctl binary is located at /Applications/Xcode.app/Contents/Developer/usr/bin/simctl and typically accessed as a verb from the /usr/bin/xcrun command. 

First let’s list all the simulators, done using the list command, called by simply running xcrun followed by simctl for the type of operation to be run and then the list command:

/usr/bin/xcrun simctl list

The output shows a lot of device types, runtimes, and devices, most of which should show as disconnected or shutdown:

== Device Types ==

== Device Types ==
iPhone 4s (com.apple.CoreSimulator.SimDeviceType.iPhone-4s)
iPhone 5 (com.apple.CoreSimulator.SimDeviceType.iPhone-5)
iPhone 5s (com.apple.CoreSimulator....

I recently worked on something where a design requirement was to build a good snapshot restore option but not to use Time Machine backups. You can capture a snapshot of a Mac without enabling Time Machine. To do so, you’d still use the same binary as you would with Time Machine, /usr/bin/tmutil. To do so, simply use the snapshot verb as follows:

/usr/bin/tmutil snapshot

Once you’ve run that, you get output similar to the following:

Created local snapshot with date: 2019-04-12-110248

Now you have a snapshot that can be used to restore a Mac using the steps shown in this article: https://maclovin.org/blog-native/2017/restoring-from-a-snapshot-with-apfs.

You can make a snapshot at the provisioning time of a Mac and then see that snapshot at any point by awking for the first line in a list of snapshots, unless it’s been deleted:

snapshot=`tmutil...

Apple sent the following message out to developers yesterday:

Dear Developer, 

We’re working with developers to create a safer Mac user experience through a process where all software, whether distributed on the App Store or outside of it, is signed or notarized by Apple. With the public release of macOS 10.14.5, we require that all developers creating a Developer ID certificate for the first time notarize their apps, and that all new and updated kernel extensions be notarized as well. This will help give users more confidence that the software they download and run, no matter where they get it from, is not malware by showing a more streamlined Gatekeeper interface. In addition, we’ve made the following enhancements to the notarization process.
Legacy code is...

grep -i login /var/log/system.log

That’s all I got. Have a good day.

The post Quick One-Liner For Finding Invalid Login Attempts in macOS 10.14 and Up appeared first on krypted.com.

This document describes the security content of iOS 12.2.

This document describes the security content of macOS Mojave 10.14.1, Security Update 2018-002 High Sierra, Security Update 2018-005 Sierra.