Sunday, February 12, 2017

LINQ to PostgreSQL with PostgreSQL and .Net

n this example I used,
(in order)
Npgsql -Version 3.1.10
linq2db.PostgreSQL -Version 1.7.6
log4net -Version 2.0.7
CsvHelper -Version 2.16.3

Working sample code is available at bitbucket.org/hemantup/orm/src/HEAD/LINQtoPostgreSQL175/




This post is related to : https://hemantrohtak.blogspot.com/2016/03/is-entity-framework-best-performing.html
 

Saturday, February 11, 2017

MicroLite with PostgreSQL and .Net

In this example I used,

MicroLite -Version 6.3.2
Npgsql -Version 3.1.10
log4net -Version 2.0.7
CsvHelper -Version 2.16.3

Working sample code is available at bitbucket.org/hemantup/orm/src/HEAD/MicroLite6/





This post is linked to https://hemantrohtak.blogspot.com/2016/03/is-entity-framework-best-performing.html

Friday, February 10, 2017

FluentData with PostgreSQL 9.6 and .Net 4.5

In this example I used,

Npgsql -Version 3.1.10
log4net -Version 2.0.7
CsvHelper -Version 2.16.3
FluentData -Version 3.0.1.0

Working sample code is available at:

 bitbucket.org/hemantup/orm/src/HEAD/FluentData3/










This post is related to https://hemantrohtak.blogspot.com/2017/02/entityframework6npgsql-with-postgresql.html


Thursday, February 9, 2017

NHibernate with PostgreSQL and .Net

In this example I used,

NHibernate -Version 4.1.1.4000
Npgsql -Version 3.1.10
log4net -Version 2.0.7
CsvHelper -Version 2.16.3

1. Since I am using Sequence for Id, its worth noting that even though insert doesn't fire query to insert record immediately, but retrieves sequence.
2. Also, transaction will not be able to control rollback for sequences.
3. Actual SQL queries fired are available for review only in debug mode: setings.LogSqlInConsole = true;

For full version of code please visit: bitbucket.org/hemantup/orm/src/HEAD/NHibernate4/








This post is related to https://hemantrohtak.blogspot.com/2016/03/is-entity-framework-best-performing.html

Wednesday, February 8, 2017

EntityFramework6.Npgsql with with PostgreSQL 9.6 and .Net 4.5

In this example I used,

Npgsql -Version 3.1.10
log4net -Version 2.0.7
CsvHelper -Version 2.16.3
EntityFramework6.Npgsql -Version 3.1.1


Two things worth noting here,
1. If I would have installed directly EntityFramework6.Npgsql -Version 3.1.1, it resolve dependency to  Npgsql -Version 3.1.0, which didn't work in my case, so I chose to go with Npgsql -Version 3.1.10

2. I had to make manual entry for DbProviderFactories in app.config to get it work.

If you get stuck somewhere, delete your bin, obj and packages folder . Then try the sample code mentioned below again.

Working sample code is available at:

 bitbucket.org/hemantup/orm/src/HEAD/EntityFramework6/




Tuesday, February 7, 2017

OrmLite with PostgreSQL and .Net

In this example I used:
Npgsql -Version 3.1.10
ServiceStack.OrmLite.PostgreSQL -Version 4.5.6
CsvHelper -Version 2.16.3
log4net -Version 2.0.7


Sample code below gives an idea how to use OrmLite with PostgreSQL and .Net. PostgreSQL server is installed on localhost in the example below:
Visual Studio Project along with full version of code:

bitbucket.org/hemantup/orm/src/HEAD/OrmLite/





This post is related to https://hemantrohtak.blogspot.com/2016/03/is-entity-framework-best-performing.html

Thursday, February 2, 2017

Does Anti-virus software slow down your machine ?


If you are about to disable your Anti-virus and other security related plugins/software on your machine because it slows down your machine, this post is for you.

github.com/beefproject/beef is the The Browser Exploitation Framework(BeEF) available with default installation of Kali Linux. A black hat hacker could refer it's hook.js JavaScript file in any page, which if opened on victim's browser, hacker has the full control on victim's browser to execute commands beyond imagination e.g. getting all the browser cookies, extensions information, control web cam, pop-ups to enter passwords while browsing legitimate websites and so on. For complete list refer to github.com/beefproject/beef/tree/master/modules.

How BeEF tool works:
 It keeps on hitting BeEF server from victim's client browser to get updated version of hook.js (interval defined by Config yaml at server) and execute it, when server side Utility of BeEF server attacks, say attacker run command give me webcam, a different version of hook.js is fetched to victim in next periodic call from browser to BeEF server:  github.com/beefproject/beef/blob/master/modules/browser/webcam/command.js in this example. And victim client post results to attacker as per new hook.js given to it.

 You may verify such actions on client machine using F12 ( Developer Tool) > Network tab in most of the browsers like chrome,IE, Mozilla etc or using fiddler.

How to defeat this tool:

1. If this hook.js periodic hit is blocked on victim's browser and notify victim in popup, its a temporary fix. The best place for this stuff to do could have been a utility running on client machine/browser code itself/extension to browser.

2. You may use unhook code in your browser extension very similar to github.com/beefproject/beef/blob/91cc7ed873f26a4d633f6306b34aa6af06932d49/modules/browser/unhook/command.js ( The tool use the code mentioned to stop watching (unhook) the victim.
3. Another method could be blocking the Attacker's domain altogether as done by
chrome.google.com/webstore/detail/vegan/longcaclchhmdpgcdjicmaghmpbdidlj (Vegan Chrome extension)

4. "utility running on client machine" called anti-virus have updated definition to let the system aware of these type of attacks. For example
Windows default anti-virus is aware of many attack vectors BeEF tool uses like Exploit: JS/Aimesu.A, Trojan: Win32/Spursint.F!cl , Exploit: JS/ShellCode.gen

Bottom line is you must not disable your Anti-virus software, just because it slows down your machine. Above all, you must not open malicious websites which may have been using hooks from plenty of such exploitation tools. Might be, the tool they are using is custom made and no anti-virus software is yet aware of attack vectors and how it works!! Typically, websites which offer you pirated content cost you much more than you could think of.

When it comes to government organizations and financial institutes, there is a reason they block everything else than trusted web addresses and domains. Even the most sophisticated technologies may be vulnerable to Cross-Site Scripting (XSS) attacks and attacker could inject just hooks in supposedly secured websites.