Using other programming languages for malware against EDR?

As an example, one of the most basic malware to inject into a process to get a C2 beacon goes like this:

Get Handle of a process -> VirtualAllocEx -> WriteProcessMemory -> CreateRemoteThread 

Now writing this in C/C++ is quite native as it can easily communicate with WinAPI. Are there any benefits in writing this in another programming language such as Golang or Rust to fight against EDR, not just an AV with static analysis checks? More specifically EDRs that are hooking and calling JMP to those WinAPI calls?

My question comes from the rise of .NET and C# with a lot of use cases such as using LOLBAS csc.exe to compile on machine or execute-assembly to load .NET assemblies in unmanaged codespace or process. However, this still use WinAPI by using P/Invoke (and now D/Invoke).

  1. Are there any benefits in using other programming language to call WinAPI function to fight against EDR?
  2. Are there any other ways of creating malware (e.g. dropper) besides calling WinAPI?
  3. Like with .NET and C#, will there be a new rise in existing (other) languages such as Go or Rust.

Why does PHP’s strtotime() not understand a Unix timestamp? Or: Why don’t programming languages support “versions” of themselves? [closed]

Yes, I know that strtotime returns a Unix timestamp from a "time string". However, there are numerous situations where I’ve fed a semi-unknown "time string" into it and been baffled when I got a bool(false) returned instead of it just returning the same integer back:

$  current_timestamp = time(); var_dump(strtotime($  current_timestamp)); 

Output:

bool(false) 

I have long since made a wrapper function to strtotime, as I have done with every single PHP function I use, which handles this for it, so it’s not a practical problem for me anymore. However, it’s very interesting to me how this kind of situation can happen.

Why do such smart people (no, this is not sarcasm), who are able to create a highly advanced and complex programming language, which I could never do myself even if I got 50 years of "paused time" from now to do it, just seem to "overlook" many such basic "details"?

Is this another case of "we knew about it early on, and agree that it was not right, but people had begun expecting this bad behaviour from the function, and then we couldn’t change it, and as time went by, it became less and less possible"?

I’m very torn about things like this. This particular thing I find idiotic, but there is a good point against changing things around. Just look at the nightmare that is Python. I wouldn’t want to have to constantly try to re-read the manual for every single PHP function I use, wondering if PHP 8.1 or something has changed the parameter order around or something evil like that. If I have to choose between that or fix things myself, I choose the latter.

I just wish that language authors, and in particular PHP since it’s what I use, would just introduce some kind of "legacy mode" where the old/original versions of functions are kept around in the "engine", but only activated unless the user does <?php8 for their scripts, or something like that. Or maybe set a configuration option, to make the source code files less ugly. That seems like a perfect compromise to me. Why is that not actually done?

Remote APIs, such as Stripe (payment-related), frequently have "versions" where old ones are supported for ages/ever, so why can’t local programming language engines also do that?

Woocommerce product query not working in other WPML languages

I am trying to hide all Woocommerce products from a specific product category on the main shop archive page (products only visible when a customer goes to the specific category archive).

The following code is working to hide those products in my original language (Dutch), but not in the other 3 site languages, even though I also added their correct category id’s.

add_action( 'woocommerce_product_query', 'prefix_custom_pre_get_posts_query' ); function prefix_custom_pre_get_posts_query( $  q ) {      if( is_shop() || is_page('shop') ) { // set conditions here       $  tax_query = (array) $  q->get( 'tax_query' );          $  tax_query[] = array(              'taxonomy' => 'product_cat',              'field'    => 'term_id',              'terms'    => array(27,952,951,1119), // set product categories here              'operator' => 'NOT IN',       );          $  q->set( 'tax_query', $  tax_query );   } } 

Anyone knows how I could adapt this code snippet so it works in all languages? Thanks!

Create languages dropdown on registration form

My site is both English and Latvian. How to add frontend dropdown on registration form where users can choose their preferred language (the language they receive WP emails, etc.)?

add_filter( 'locale', 'set_my_locale' ); function set_my_locale( $  lang ) {   if ( 'gl' == $  _GET['latvian'] ) {     // set to Latvian     return 'ka_LV';   } else {     // return original language     return $  lang;   } } 

Can someone point out how to adjust this code, so there is a dropdown on frontend registration?

Use of pumping lemma for not regular languages. (Proof Verification)

$ L=\{w \in \{0,1,a\}^* | \#_0(w) = \#_1(w) \}$

We show that L is not regular by pumping lemma.

We choose w=$ 0^p 1^p a$

|w| = 2p+1

Now |xy| has to be $ \leq p$

So x and y could only contain zeros. And $ z=1^p a$

$ xy^iz= 0^p 1^p a$

Now let i = 0

$ xy^0z=0^{p-|y|} 1^p a$

Now hence $ p-|y| \neq p$ this choice of i would lead to a word that is not in L. So we can not pump y and stay in the language.

So L is not regular.

I’m trying to learn the usage of the pumping lemma. Is my proof correct?

Any suggestions are welcome. Thanks!

Why are so many languages written using the Dwarvish script?

If you look at the list of Standard Languages, you’ll see that most of them use Dwarvish as their script:

  • Common: Common
  • Dwarvish: Dwarvish
  • Elvish: Elvish
  • Giant: Dwarvish
  • Gnomish: Dwarvish
  • Goblin: Dwarvish
  • Halfling: Common
  • Orc: Dwarvish

(While that’s 5e, I found a similar chart for 3e.)

The Forgotten Realms Wiki calls this script Dethek and explains some of its history, but I can’t see how the explanation there relates to the Standard Languages at all. I also know next to nothing about DnD in-universe history.

Is there an in-universe explanation for as to why these languages all use the same script?

I don’t particularly care where the explanation comes from as long as it is from some DnD canon where the premise is true. I don’t expect too many settings to have an explanation at all, which should keep this from being too broad.

Union of every language within group of decidable languages is also decidable?

So I was trying to solve following exercise:

Let $ (L_{i})_{i \in \mathbb{N}}$ be a family of decidable languages – this means that every $ L_{i}$ is decidable. Then $ \cup_{i \in \mathbb{N}}L_{i} $ is also decidable. Right or wrong?

The solution states, that this statement is wrong because we can set $ L_{i}:=\{f(i)\}$ with $ f : \mathbb{N} \rightarrow H_{0}$ and will therefore receive $ \cup_{i \in \mathbb{N}}L_{i} = H_{0}$ . At the same time $ L_{i}$ languages are still decidable, for every $ i \in \mathbb{N}$ because they are finite.

However I still struggle to understand how exactly a language can be decidable with $ f : \mathbb{N} \rightarrow H_{0}$ , because I thought that $ H_{0}$ was not decidable.

Thanks in advance!!

determining decidability with intersection of context free languages

I am trying to solve this problem: Given context-free languages A, B, and C find if the language $ (A\cap B)\cup (B\cap C)$ is empty. Is this problem decidable.

I know the CFG is not closed under intersection so we do not know that $ A\cap B$ is also CFG. If it was CFG, I know how to prove decidability. Since we can’t determine about $ A\cap B$ , is there a way to prove whether or not this is decidable?