SharpTLSScan v1.0

Update 08/13/2014: v1.1 is here.

SSL and TLS have been getting a lot of attention from me lately, and recently I found myself in want of a tool that would tell me precisely which protocol versions and cipher suites a given server supported.

Sure, there's SSLScan and SSLScan-Win, but those tools haven't been updated in 5 years, and thus don't support the newer versions of TLS, 1.1 and 1.2.  And of course there are nice websites like SSL Labs that do a fine job, but I wanted to use this tool to audit internal/private systems too, not just internet web servers.

So I created a new tool and called it SharpTLSScan.  It's pure C# and has no reliance on outside libraries (such as OpenSSL), and I managed to avoid the pain of directly interfacing with the SChannel API as well.

SharpTLSScan comes with the "It works on my machine (tm)" guarantee.  It's free, and the source will probably show up on GitHub pretty soon.

Here are some screenshots:

Usage is simple - SharpTLSScan myhost:636

First, the server's certificate is inspected and validated.  Next, a default connection is negotiated, which is useful for seeing what kind of connection your system would negotiate on its own.  Then, all protocol versions and all cipher suites are tested to see what the server will support.  (This can take a couple of minutes.)  Things that are obviously good (such as the certificate validating) are highlighted in green, while things that are obviously bad (such as SSL v2 support) are highlighted in red.  Things that are fair, but not great (such as MD5 hashes), are in yellow.
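One generic way to test a single protocol version and cipher suite is to offer only that pair in a ClientHello and see whether the server answers with a ServerHello or an alert. The block below is an added example, not SharpTLSScan's code (the post does not say how the tool probes); the function names and sample reply bytes are constructed for illustration, and the network send is left out so it runs offline.

```powershell
# Added example, not SharpTLSScan's code. SSL 3.0 through TLS 1.2 share this hello
# layout; SSL v2 uses a different record format and is not covered.
Function New-SingleSuiteClientHello([Byte]$Minor, [Int]$Suite)
{
    # $Minor picks the version offered: 0 = SSL 3.0, 1 = TLS 1.0, 2 = TLS 1.1, 3 = TLS 1.2
    $Random = New-Object Byte[] 32
    [System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($Random)
    $Body = New-Object 'System.Collections.Generic.List[Byte]'
    $Body.AddRange([Byte[]](3, $Minor))                                    # client_version
    $Body.AddRange($Random)                                                # 32-byte random
    $Body.Add(0)                                                           # empty session_id
    $Body.AddRange([Byte[]](0, 2, ($Suite -shr 8), ($Suite -band 0xFF)))   # exactly one cipher suite
    $Body.AddRange([Byte[]](1, 0))                                         # null compression only
    # Handshake header (type 1 = ClientHello, 24-bit length), then record header (type 0x16)
    [Byte[]]$Handshake = @(1, 0, ($Body.Count -shr 8), ($Body.Count -band 0xFF)) + $Body.ToArray()
    [Byte[]]$Record = @(0x16, 3, $Minor, ($Handshake.Length -shr 8), ($Handshake.Length -band 0xFF)) + $Handshake
    Return ,$Record
}

Function Read-ProbeReply([Byte[]]$Reply)
{
    If ($Reply.Length -ge 7 -and $Reply[0] -eq 0x15)
    {
        Return "rejected: alert description $($Reply[6])"    # alert record: level at 5, description at 6
    }
    If ($Reply.Length -ge 47 -and $Reply[0] -eq 0x16 -and $Reply[5] -eq 2)
    {
        # ServerHello: version at 9-10, random at 11-42, session_id length at 43, then the chosen suite
        $At = 44 + $Reply[43]
        If ($Reply.Length -ge $At + 2)
        {
            Return ('accepted: version 3.{0}, suite 0x{1:X2}{2:X2}' -f $Reply[10], $Reply[$At], $Reply[$At + 1])
        }
    }
    Return 'inconclusive'
}

# Constructed replies (not captured traffic): a TLS 1.2 ServerHello choosing suite 0x002F, and a handshake_failure alert
[Byte[]]$SampleHello = @(0x16, 3, 3, 0, 42, 2, 0, 0, 38, 3, 3) + (,0 * 32) + @(0, 0x00, 0x2F, 0)
[Byte[]]$SampleAlert = 0x15, 3, 3, 0, 2, 2, 40
$Probe = New-SingleSuiteClientHello -Minor 3 -Suite 0x002F    # 0x002F = TLS_RSA_WITH_AES_128_CBC_SHA
'{0} byte probe, starts with {1}' -f $Probe.Length, [BitConverter]::ToString($Probe, 0, 11)
Read-ProbeReply $SampleHello
Read-ProbeReply $SampleAlert
```

A hello with no extensions is the smallest valid probe; servers that depend on extensions such as SNI may answer it differently than they would a full client.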

*Oh dear...*

The reason why the protocol versions seem interleaved is a side-effect of the multithreading in the program.  I'll likely fix it in the next update.

Here you go: (14.3KB)

notdd v1.0

[Update: I renamed the program to be more unique.]

Hi again,

I started writing boot loaders in x86 assembly the other day, and I needed something that was capable of writing to the first sector of a storage device in order to test my creations.  I searched around the web, downloaded some old image burning software like it was 1999 all over again, and promptly got myself a malware/adware infection.  This pissed me right off, so after reinstalling my OS, I immediately set out to write my own.

notdd is what I came up with.

If you've ever wanted the complete, unbridled freedom of $&#%ing up your storage media on your own terms, then have I got the program for you!

And it also works for planting a custom boot sector on a disk.

CustomAddADUser v1.0

I uploaded a new project on GitHub today, named CustomAddADUser.

If you have a lot of Active Directories and/or employee account records to maintain, or even if you don't but you're just obsessive compulsive like me, you might require a certain level of completeness, accuracy, and use of custom attributes that the old Active Directory Users and Computers doesn't really give you.  For instance, let's say that your HR system requires that you populate the "Employee ID" attribute on your user accounts.  The ADUC GUI doesn't provide that as part of the "new user" dialog. You have to create the user first, then enable "Advanced Features," then go and click on them again, open their properties sheet, go to the "Attribute Editor" tab, and type it in there.  And even then it's still prone to typos, which will make your identity management a struggle and your HR system won't be able to accurately track the user accounts.  You can't just mark the "employeeID" attribute as mandatory unless you want to modify the AD schema. And even if you did that, you still can't ensure that the employee ID matches a very particular ID format that your company uses.

Well, CustomAddADUser aims to make all that possible.

Almost everything is customizable via a configuration file, including which attributes are mandatory, the application's icon, the window title, the company logo that appears on the "About" tab, the help text that appears on the About tab, and the regular expressions that are used to validate the input. Furthermore, you'll notice as you enter the user's account details that names are automatically capitalized and trimmed for you, etc., to encourage a clean and consistent user database.

(Gah, people who don't capitalize the first letters of names drive me up the wall!)

So let's say that you need all your employees to have their employee ID attributes filled out, and your company uses employee IDs that look like F4348277 for full-time employees, and P4348277 for part-time employees.  No problem, just edit the config file to use this regex pattern:

<add key="employeeIDRegex" value="\b[fp]\d{7}\b" />

Now the application will not allow the user to be created until the employee ID matches that regex pattern.  It will politely remind the administrator that the attribute needs to match that pattern.

All the other attributes have their own regex patterns too. If you don't care about the format of the attribute, just leave the regex pattern as (.+) to match anything.
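The block below is an added example, not CustomAddADUser's code, that runs the employeeIDRegex pattern from the post against constructed inputs next to a hypothetical stricter variant. Matched case-sensitively, [fp] accepts only lower-case prefixes, so whether the upper-case IDs in the post pass depends on the application ignoring case, and \b accepts an ID embedded in longer text. How the application actually applies the pattern is not shown in the post; the function name, the strict pattern and the sample values are assumptions.

```powershell
# Added example, not CustomAddADUser's code.
$PagePattern   = '\b[fp]\d{7}\b'     # pattern from the config line in the post
$StrictPattern = '\A[FP]\d{7}\z'     # hypothetical variant: upper case only, must span the whole value

# Constructed test values; only F4348277 and P4348277 come from the post.
$Samples = 'F4348277', 'P4348277', 'f4348277', ' p4348277 ', 'X4348277',
           'F434827', 'F43482777', 'F4348277 temp', "F4348277`n"

Function Test-EmployeeId([String]$Value, [String]$Pattern, [Switch]$IgnoreCase, [Switch]$Normalize)
{
    # Optional clean-up in the spirit of the post's automatic trimming and capitalization
    If ($Normalize) { $Value = $Value.Trim().ToUpperInvariant() }
    $Options = [System.Text.RegularExpressions.RegexOptions]::None
    If ($IgnoreCase) { $Options = [System.Text.RegularExpressions.RegexOptions]::IgnoreCase }
    Return [Regex]::IsMatch($Value, $Pattern, $Options)
}

# One row per sample: the post's pattern with and without case folding, then the strict
# pattern on the raw value and on the trimmed, upper-cased value.
$Samples | ForEach-Object {
    [PSCustomObject]@{
        Value             = ($_ -replace "`n", '\n')
        PageCaseSensitive = Test-EmployeeId $_ $PagePattern
        PageIgnoreCase    = Test-EmployeeId $_ $PagePattern -IgnoreCase
        StrictRaw         = Test-EmployeeId $_ $StrictPattern
        StrictNormalized  = Test-EmployeeId $_ $StrictPattern -Normalize
    }
} | Format-Table -AutoSize
```

The strict variant uses \A and \z rather than ^ and $ because $ in .NET also matches just before a trailing newline.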

Additionally, since it's very rare that AD users are created and aren't assigned to any security groups, you can easily copy the security group members from another existing user during creation.  When you change the "Create in" drop-down list, the list of available users from which to copy group memberships changes accordingly to show only users who are also in that branch of the directory.

The app is about 36 hours old so I will likely continue adding new features pretty quickly.  And of course, I wouldn't have put it on GitHub if I wasn't welcoming to anyone who wanted to submit bugs, feature requests, etc.  One of my missions with this application is to make it so significantly better than the standard ADUC Users and Computers interface that people might actually want to use it... so I will be adding more features to it.

WTF is a GitHub?

I got my start in IT doing solely operations stuff: swapping out bad hard drives, terminating my own CAT5 cables, (I still carry a TIA-568 wiring diagram in my wallet in case I forget... had to throw out the condom to make room for it though, because let's be honest - I'll be using one way more than the other, just kidding, btw,) administering Active Directory, doing file server migrations... things like that.  And I still do mostly operations stuff today.  But I've also been playing around with programming since I was 14 years old, and I still do, even though my current job doesn't usually call for it.  Most of the time coding is just a hobby for me, but when there's a specific problem at work that I think I can solve with a little of my own programming elbow-grease, I'm all over it.  So I guess that makes me a natural participant in the DevOps movement, which is interesting because the age-old friction between IT pros and developers is still present.  On one hand, I get the idea of "don't half-ass two things; whole-ass one thing."  I think something that will ease that tension between Dev and Ops is the realization that developers aren't just developing boxed products anymore, but services.  Everything's a perpetual service now.  Which means the code and the hardware running that code have to evolve together now, at the same time and with the same goal. (Case in point: The OpenCompute Project, wherein we see entire datacenters being designed around the idea of running these super-scalable cloud workloads.)

Which means the developers and the IT pros need to hold hands and sing Kumbaya.

So Microsoft has been announcing tons of interesting things the past few weeks, such as PowerShell 5 with OneGet, the open-sourcing of Roslyn the C# compiler, the introduction of .NET Native, etc.  And that got me into a bit of a mood for software the past few days.  Something I was way behind on was Git and GitHub.  Didn't know what they were, how they worked, how to integrate them into Visual Studio, etc.  So I've taken the past couple of days to educate myself, and the result is that now I have a public GitHub account.  I've only uploaded a few of my old personal projects - I will likely upload way more in the future.  I also have a ton of PowerShell stuff built up, that I'll probably just make a single repository for.

Don't be too hard on me if you're going to scrutinize my code. I'm self-taught and I feel like I'm pretty terrible... but maybe I'm my own biggest critic.  I'm like the fat guy at the gym with all the other people with amazing bodies thinking to themselves "well at least he's trying..."

Git was originally designed by Linus Torvalds as a distributed source code revision tool.  GitHub is a place where you can store your repositories, and public code repositories are free!  You use Git to upload source code to GitHub.  Git/GitHub have established themselves as the premier service of their kind, which is evidenced by the fact that Visual Studio now integrates seamlessly with it and you can push commits to your branches (<- see me speaking the lingo there?) directly from within VS on your desktop.

PowerShell, Panchromatic Edition, Continued!

That is a weird title.  Anyway, this post is a continuation of my last post, here, in which I used PowerShell to create a bitmap that contained each and every RGB color (24-bit, ~16.7 million colors) exactly once.  We learned that using dynamic arrays and the += operator is often not a good choice when working with large amounts of data that you'd like to see processed before your grandchildren graduate high school. Today we look at another performance pitfall.

So last time, I printed a 4096x4096 bitmap containing 16777216 colors. But the pixels were printed out in a very uniform, boring manner.  I wanted to at least see if I could randomize the pixels a little bit to make the image more interesting.  First, I attempted to do that like this:

Function Shuffle([System.Collections.ObjectModel.Collection[System.Drawing.Color]]$List) {
    $NewList = New-Object 'System.Collections.ObjectModel.Collection[System.Drawing.Color]'
    While ($List.Count -GT 0) {
        # Pluck a random element, add it to the new list, then remove it from the old list
        [Int]$RandomIndex = Get-Random -Minimum 0 -Maximum $List.Count
        $NewList.Add($List[$RandomIndex])
        $List.RemoveAt($RandomIndex)
        Write-Progress -Activity "Randomizing Pixels..." -Status "$($NewList.Count) of 16777216"
    }
    Return $NewList
}

Seems pretty solid, right?  I intend to shuffle or randomize the neatly ordered list of pixels that I've generated.  So I pass that neatly ordered list to a Shuffle function.  The Shuffle function randomly plucks an element out of the original list one at a time, inserts it into a new "shuffled" list, then removes the original element from the old list so that it is not reused. Finally, it returns the new shuffled list.

Yeah... so that runs at about 12 pixels per second.

So instead of waiting 16 days for that to complete (16.7 million elements at 12 per second...), I decided that I had to come up with a better solution.  I thought on it, and I almost resorted to writing a pure C# type and adding that to my script using Add-Type, but then I decided that would be "cheating" since I wanted to write this in PowerShell as best I could.

Then it suddenly hit me: maybe I was thinking about this way too hard.  Let's try something crazy:

Write-Progress -Activity "Randomizing Pixels" -Status "Please wait..."
$RandomPixelList = $AllRGBCombinations | Get-Random -Count $AllRGBCombinations.Count

Done in about two minutes, which beats the hell out of 16 days.  What we have now is a "randomized" list of pixels. Let's paint them and see how it looks:

A slice at 1x magnification:

A slice at 6x magnification:

I call it the "Cosmic Microwave Background."

You'll likely see a third installment in this series as I work some interesting algorithm into the mix so that the image is more interesting than just a random spray of pixels.  Until then...
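The Shuffle function earlier in this post removes an element from the middle of the collection on every pass, which shifts every later element, and it updates the progress display once per pixel. As an added example (not the author's code), here is an in-place Fisher-Yates shuffle that does neither and stays in pure PowerShell; the function name, the use of packed integers in place of Color objects, and the small sample size are assumptions made so the block runs quickly on its own.

```powershell
# Added example, not the author's code: Fisher-Yates shuffle in a single pass.
# System.Random is fine for picture noise; it is not a cryptographic generator.
Function Invoke-InPlaceShuffle([Int[]]$Items, [System.Random]$Rng = (New-Object System.Random))
{
    # Walk from the last slot down, swapping each slot with a random slot at or below it.
    # Nothing is removed from the array, so no elements are shifted and no second list is built.
    For ($i = $Items.Length - 1; $i -gt 0; $i--)
    {
        $j = $Rng.Next(0, $i + 1)          # upper bound is exclusive, so $j is in 0..$i
        $Tmp = $Items[$i]
        $Items[$i] = $Items[$j]
        $Items[$j] = $Tmp
    }
    Return ,$Items                         # leading comma keeps the array from being unrolled
}

# Constructed stand-in for the pixel list: 65536 packed values instead of 16777216 colors.
[Int[]]$Pixels = 0..65535
$Timer = [System.Diagnostics.Stopwatch]::StartNew()
$Shuffled = Invoke-InPlaceShuffle -Items $Pixels
$Timer.Stop()

# A shuffle is a permutation: same length, every value still present exactly once.
$DistinctCount = ($Shuffled | Sort-Object -Unique).Count
$Moved = 0
For ($i = 0; $i -lt $Shuffled.Length; $i++) { If ($Shuffled[$i] -ne $i) { $Moved++ } }

'{0} values shuffled in {1} ms; {2} distinct; {3} changed position' -f $Shuffled.Length, $Timer.ElapsedMilliseconds, $DistinctCount, $Moved
```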