Using other programming languages for malware against EDR?

As an example, one of the most basic malware to inject into a process to get a C2 beacon goes like this:

Get Handle of a process -> VirtualAllocEx -> WriteProcessMemory -> CreateRemoteThread 

Now writing this in C/C++ is quite native as it can easily communicate with WinAPI. Are there any benefits in writing this in another programming language such as Golang or Rust to fight against EDR, not just an AV with static analysis checks? More specifically EDRs that are hooking and calling JMP to those WinAPI calls?

My question comes from the rise of .NET and C# with a lot of use cases such as using LOLBAS csc.exe to compile on machine or execute-assembly to load .NET assemblies in unmanaged codespace or process. However, this still uses WinAPI by using P/Invoke (and now D/Invoke).

  1. Are there any benefits in using other programming language to call WinAPI function to fight against EDR?
  2. Are there any other ways of creating malware (e.g. dropper) besides calling WinAPI?
  3. Like with .NET and C#, will there be a new rise in existing (other) languages such as Go or Rust?

Programming language designed to prevent security issues from occurring? [closed]

I’m working on creating a new programming language and trying to find that first niche to tailor it to. Would you appreciate a programming language that would make it as easy as possible to encrypt & salt all information stored in databases & files and sent over the network, etc?

I already have it so that it’s as fast as C++ but guaranteed to be memory and thread-safe without the programmer having to think twice about it.

The idea is that you write it quickly and productively and don’t have to think about the security, because it’s already baked into the end product.

Java Programming

Assume that you have been assigned a task to develop an application which will be handling teaching activities at the University. The application has four main entities, namely administrator, lecturer, student and course. The application should be able to allow:

  a) Registration of classes
  b) Registration of modules
  c) Registration of lecturers
  d) Registration of students
  e) Assignment of modules into class
  f) Assignment of module to lecturer
  g) Assignment of student into class
  h) View all registered students, modules, classes
  i) View all students and their modules
  j) View lecturers and their modules

The application should be developed by using Object Oriented programming in which encapsulation, inheritance, abstraction and polymorphism concepts MUST be observed and implemented by using Java.

Why does PHP’s strtotime() not understand a Unix timestamp? Or: Why don’t programming languages support “versions” of themselves? [closed]

Yes, I know that strtotime returns a Unix timestamp from a "time string". However, there are numerous situations where I’ve fed a semi-unknown "time string" into it and been baffled when I got a bool(false) returned instead of it just returning the same integer back:

$current_timestamp = time();
var_dump(strtotime($current_timestamp));

Output:

bool(false) 

I have long since made a wrapper function to strtotime, as I have done with every single PHP function I use, which handles this for it, so it’s not a practical problem for me anymore. However, it’s very interesting to me how this kind of situation can happen.

Why do such smart people (no, this is not sarcasm), who are able to create a highly advanced and complex programming language, which I could never do myself even if I got 50 years of "paused time" from now to do it, just seem to "overlook" many such basic "details"?

Is this another case of "we knew about it early on, and agree that it was not right, but people had begun expecting this bad behaviour from the function, and then we couldn’t change it, and as time went by, it became less and less possible"?

I’m very torn about things like this. This particular thing I find idiotic, but there is a good point against changing things around. Just look at the nightmare that is Python. I wouldn’t want to have to constantly try to re-read the manual for every single PHP function I use, wondering if PHP 8.1 or something has changed the parameter order around or something evil like that. If I have to choose between that or fix things myself, I choose the latter.

I just wish that language authors, and in particular PHP since it’s what I use, would just introduce some kind of "legacy mode" where the old/original versions of functions are kept around in the "engine", but only activated unless the user does <?php8 for their scripts, or something like that. Or maybe set a configuration option, to make the source code files less ugly. That seems like a perfect compromise to me. Why is that not actually done?

Remote APIs, such as Stripe (payment-related), frequently have "versions" where old ones are supported for ages/ever, so why can’t local programming language engines also do that?

How is it possible that such a massively used programming language as PHP has such an eerily “abandoned” manual? [closed]

Like every other god damn question I ever ask on this site, this was apparently "off-topic" even on Stack Overflow. That’s why I ask it here, the only other fitting category I could find.

Every day, I make numerous page loads on PHP.net’s manual to remind myself about details or try to understand what various PHP functions do and how they work. I now use PHP almost exclusively (besides HTML, CSS and SQL), with very little JavaScript for things that need to be client-side and thus must be in JS.

What strikes me is how ancient typos are still there, ones I remember from the early 2000s. The user-submitted comments can say "17 years ago" and things like that, which makes me feel as if I’ve discovered some ancient dwarf book in Moria or something, almost falling apart from age. But it’s the live, current manual for PHP.

This makes me feel uneasy to say the least. I’m not going to pretend as if the manuals for other free software are better. In fact, they are usually much worse, but the fact remains that I use PHP so heavily and have so much of my life invested in it (I’ve now used PHP far longer than I had existed at the time when I first started using it), and so frequently look in its manual, that it means a lot to me.

And it should mean a lot to others as well, considering that it’s one of the most used programming languages in the world.

The code examples are frequently ancient, irrelevant and unclear. I’ve rarely had any use of those, instead being forced to guess my way to how you’re supposed to use the functions, or had to ask on Stack Exchange or read its old questions. Those user-submitted comments are also rarely of any value, frequently dangerously misleading and horribly insecure.

It seems as if somebody should have long ago been paid a full-time salary to painstakingly go through the entire PHP manual and fix all typos, bad descriptions, poor examples, and clean up the mess of user-submitted comments. I also wonder if they have turned off new comments from users or something, because so few of them seem to be made in the last few years. I assume that they have a manual review system in place, and maybe a huge backlog with nobody looking at it?

Why, for such a massively popular language/project, has not one company stepped up to pay for such a single person to do this work? It’s downright embarrassing when the manual is in this state.

I can predict the answer:

Why don’t you do it? Patches/donations welcome.

I don’t do it because I’m overwhelmed by just trying to use PHP. I have no peace of mind, a stable life situation, nor even the skills, to fix the PHP manual. But I know that there are many individuals out there who do have peace of mind, a stable life situation (an income), and far better skills than I and who could in theory do it. But they don’t. For some reason.

I’m not calling them evil/lazy. I’m just wondering how this situation can be. It’s depressing. Baffling. Makes me feel as if I’m using some sort of legacy application.

I’ve countless times gone hunting for "PHP alternatives", many times asking people about it, etc., but not once have they been able to present me with a valid alternative, so I’ve stuck to PHP. Also, it would have to be pretty darn fantastic for me to just abandon my entire system and start trying to remake it in some other language which doesn’t even seem to exist. The alternatives mentioned always have some major problem which is far worse than PHP’s issues, such as Python with its major incompatibilities between versions which makes PHP appear stable as a rock.

But this question isn’t about possible PHP alternatives. It’s about why the PHP manual is in such a perpetually miserable and "rotting" state.

I’ve also discovered parts of the manual, probably for classes/functions added in recent years, which aren’t "commented" at all, but seemingly simply generated from source code. Yet they still develop the language itself, and it’s improved all the time. But the manual doesn’t really reflect any of this; it makes the PHP project seem almost abandoned.

I don’t understand it. If I ever make it and start actually making money, I’m going to seriously consider hiring somebody to brush up the PHP manual. It’s the least I could do to give back, and it frankly makes me angry that nobody else has ever thought like this. Or maybe there are no previously-poor people out there who "made it" rich by using PHP? (Seems unlikely.)

Are lines what differ machine code programming in a text editor from in memory directly?

I understand that at least theoretically a human could do programming with a given type of machine code in a text editor OR in the memory directly somehow.

I also understand that in a (human invented?) computer memory, in each cell, data is sequential, scattered in addresses each of which contains a word in a fixed size which always contain bit/s to a full capacity.

I am not sure what would theoretically differ machine code programming in a text editor from machine code programming in memory directly; perhaps the very usage of lines ("the absence of sequence", I guess) as available in text editors, is the answer.

What are the applications of homotopy type theory to everyday programming?

What are the applications of homotopy type theory to everyday programming?

I know of only two applications, neither of which I understand:

  • "Homotopical Patch Theory"
  • "HoTTSQL: Proving Query Rewrites with Univalent SQL Semantics"

Is there a capsule summary of how HoTT is relevant to these problems?

Is there a general kind of programming problem for which HoTT is suited? Based on the applications so far, is it likely that future applications will all have to do with program efficiency? Or might there be applications to distributed systems, for example?

Higher inductive types strike me as the most obviously "new" thing from a programmer’s point of view. Is there a capsule summary of why programmers might use higher inductive types? Do these applications only have to do with program correctness, or do they also give us the ability to solve problems differently?

I know it’s early days and that we probably don’t know what the applications may be, but it’s also likely that more is known now than several years ago when the articles above were written.

Problem in the CLRS Linear Programming chapter

I’m currently reading the CLRS Linear Programming chapter and there is something I don’t understand.

The goal is to prove that given a basic set of variables, the associated slack form is unique.

They first prove a lemma:

[image]

And then they prove the result:

[image]

My concern is that to prove the second lemma, they apply the first lemma. However equations (29.79) -> (29.82) only hold for feasible solutions, which is not for any x, so why can they apply the first lemma?