Derek Martin justaguywhocodes

"""
encoders.py
XOR (single-byte, rolling) and RC4 encoding implementations.
These are intentionally simple — mirrors real-world malware tradecraft.
"""
def xor_single_byte(data: bytes, key: int = 0x41) -> bytes:
    """Single-byte XOR. Trivial but still common in commodity malware."""
    return bytes(b ^ key for b in data)
& "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" `
    /target:library `
    /reference:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Build.Framework.dll" `
    /out:C:\Temp\TestLogger.dll `
    C:\Temp\TestLogger.cs
https://derek-site-2026-6g03r9taz-derek-martins-projects.vercel.app/about/
MSB-04: Atypical File — .csproj with Inline Task from Legitimate-Looking Path
Objective:
Determine whether the detection signal can identify a malicious .csproj containing an inline C# task even
when the file resides in a directory that mimics a normal development workspace (complete with a .sln file).
This tests content-based detection rather than path-based heuristics. MSB-01 through MSB-03 already
validate detection from suspicious locations (C:\Temp). This test flips the scenario — the path looks
legitimate, but the content is malicious.
Steps:
1. Create a realistic project directory: mkdir C:\Source\MyProject\src
using Microsoft.Build.Framework;
using System;
using System.IO;
// Benign test logger — writes to a temp file to prove execution
// Implements ILogger which MSBuild loads via /logger: switch
public class TestLogger : ILogger
{
    public LoggerVerbosity Verbosity { get; set; }
    public string Parameters { get; set; }
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  <Target Name="TestTarget">
    <TestTask />
  </Target>
  <UsingTask
    TaskName="TestTask"
    TaskFactory="CodeTaskFactory"
    AssemblyFile="C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Build.Tasks.v4.0.dll">
    <Task>
      <Code Type="Fragment" Language="cs">
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  <Target Name="TestTarget">
    <TestTask />
  </Target>
  <UsingTask
    TaskName="TestTask"
    TaskFactory="CodeTaskFactory"
    AssemblyFile="C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Microsoft.Build.Tasks.v4.0.dll">
    <Task>
      <Using Namespace="System.IO" />
# MSBuild.exe Detection Signal — Purple Team Testing Plan
**Classification:** Internal — PCSIRT / Red Team Use Only
**Author:** Red Team Operations
**Date:** February 2026
**Version:** 1.0
-----
## 1. Objective
Fellow Toastmasters, distinguished guests, and friends—good [morning/afternoon/evening]! As your President, it's my honor to welcome you to this week's meeting. Today, we gather under the inspiring theme of Black Heritage Appreciation—a celebration of the rich tapestry of history, culture, and resilience that has shaped our world.

Black heritage is more than a chapter in history books; it's a living legacy of triumph over adversity. Think of trailblazers like Dr. Martin Luther King Jr., whose eloquent words ignited a movement for equality, or Madam C.J. Walker, the first self-made female millionaire in America, who built an empire from innovation and determination. From the rhythms of jazz born in New Orleans to the groundbreaking achievements of scientists like Katherine Johnson, whose calculations propelled us to the moon—Black contributions have enriched every facet of society.

In Toastmasters, we value communication and leadership, qualities exemplified by icons like Frederick Douglass, who escaped slavery