Monthly Archives: February 2014

[URGENT] IOS SSL Vulnerability

This is just a quick post. It looks that a nasty 0day IOS SSL vulnerability has been discovered in Apple’s IOS 6, 7 and Apple TV. You can read more about it here.

The good news is that Apple provides updates already and there’s also a page available where you can test if the browser from your iPhone is vulnerable. So, if you wanna sleep tight, check out and if it says that you must update, then do so.

Please SHARE if you found this useful.

Vuln iPhone Browser

ILSpy after Red Gate .NET Reflector

What is ILSpy?

I was reading last night an article about how great Red Gate .NET Reflector was (and still is), but many people were disappointed when Reg Gate announced back in February 2011 that the Free version of .NET Reflector ceased to exist. :|

Well, the good news is that some very smart guys got together and started the development of ILSpy, an open-source project which is very similar to .NET Reflector.

Screenshot from

Some opinions say that ILSpy kept most of the functionality from .NET Reflector, it does the work pretty well and is very easy to use, but you can go ahead and check out where they provide other screenshots, links to their community and a very long list of features. :)

Great work, guys!

Running CMD.exe under Local System

I was reading today an old article about running CMD.exe as Local System and was glad that I found a way to do it easily. So, I continued reading the documentation from Microsoft about the command sc create and then, with a big smile on my face, started creating a service for finally running the CMD as Local System on my Windows 7. Yay! :D

So, I opened a Command Prompt, and ran the command for creating a service that runs in interactive mode CMD.exe as Local System:

sc create TestCMD binpath= "C:\Windows\System32\CMD.exe /K start" DisplayName="CMD Service" type= own type= interact
[SC] CreateService SUCCESS

And then… SURPRISE!

WARNING: The service TestCMD is configured as interactive whose support is being deprecated. The service may not function properly.

Now, obviously, I wanted to start the TestCMD service.

sc start TestCMD
[SC] StartService FAILED 1053:

The service did not respond to the start or control request in a timely fashion.

I noticed that together with the message above, the “Interactive Services Detection” window popped and a button started blinking in the taskbar.


If the “View the message” button is clicked, then the Command Prompt will be run as Local System. Otherwise, in case the “Ask me later” button will be clicked, the window will just close and that’s that. :|

Now, in order to clean-up the mess, the TestCMD service has to be deleted and for that, in a Command Prompt let’s type:

sc delete TestCMD

What if I don’t want to interact with the “Interactive Services Detection” window?

I then started wondering why this happened and found a very interesting article which explains the concept of Session 0 Isolation. The idea is that starting with Windows Vista, the services and system processes run in session 0 in order to protect the services from privilege escalation exploitations/hijacking. Therefore, it is self-explanatory why the user logs on to Session 1,2,3 and so on.

More specific information about Session 0 Isolation on Windows 7 can be found here.

After doing some reaseach on this, found out that the only way to achieve running CMD.exe under Local System without getting the “Interactive Services Detection” pop-up would be through the PsExec tool from Microsoft:

psexec -accepteula -s -i cmd.exe

I have extracted the description of each parameter used above from the documentation provided by Microsoft.

-i Run the program so that it interacts with the desktop of the specified session on the remote system. If no session is specified the process runs in the console session.
-s Run the remote process in the System account.
-accepteula This flag suppresses the display of the license dialog.

I ran the command whoami in the new Command Prompt window and been showed that CMD was running under Local System.


Monitoring Performance in Linux

1. top – Display Linux Tasks

This is a very used tool by any Linux administrator because it provides real-time information about the running tasks, system and about the tasks which are managed by the kernel.


More examples about how to use the “top” utility can be found here:

2. vmstat – Report Virtual Memory Statistics

The command “vmstat” provides very useful statistics that relates to: CPU activity, virtual memory, kernel threads, IO blocks, kernel threads, processes, etc.  For more examples about how to use vmstat, you can read:


3. lsof – List Open Files

The full name of this command is self-explanatory. Basically, the “lsof” command helps a sysadmin to find the open files and the processes that keeps them opened.  You can read more about it here:


4. tcpdump – Dump Traffic On a Network

This tool is a network packet analyzer and a sniffer that can be used to capture the packets transferred through a specific network interface. A detailed tutorial can be found here:


5. netstat – Network Statistics

When you want to use “netstat” it means that you’re looking for information about the inbound/outbound in terms of interface statistics. Many of us already know it from Windows. More useful practical examples using netstat can be found here:


6. iostat – IO Statistics

The name of this tool is also self-explanatory. It is designed to provide statistics about the input/output of different storage devices and it also provide info about the CPU status. Some useful examples on how to use this tool can be found here:


In order to make this tool available, you have to install the sysstat package from the repository.