We all understand the concept of boxing and unboxing in C# but type casting is a bit more complicated and we do have more than one option to accomplish it.

The two options that we have is 1) Have an explicit cast  to specific type or 2) Use the as keyword for type casting. Let’s look at each one of those in a little detail in code

 

I am going to call the type casting without any keyword as standard type casting.  Below is a code example of one of the ways of doing it right.

object obj1 = new object();

try
{
    Person person1 = (Person)obj1;
    Console.WriteLine(person1);
}
catch(InvalidCastException castException)
{
    Console.WriteLine(castException.Message);
}

It is apparent from the code that the object we are trying to cast to typeof Person is not actually a person and hence will be unsuccessful, so we are prepared for it by catching the InvalidCastException. This is exactly the problem when using the standard type casting.

We can avoid getting an exception during type casting by using the as keyword. Below is the code example of one way of doing that

object obj1 = new object();
Person person2 = obj1 as Person;
 if (person2 != null)
 {
     Console.WriteLine(person2);
 }
 else
 {
     Console.WriteLine("The person was not the original type of the object");
 }

As we can see from the code above, we used the as keyword to type cast and since the obj1 was is not of the type Person we will get back null as the result of the cast.

 

I know. The next question one would ask as to why is better than catching an exception since it is almost the same amount of code?

 

The answer to that question is performance. It is always expensive to throw an exception because of the additional work that needs to done by the runtime like colleting the stacktrace, increase in memory pressure sue to the page faults, etc

 

There is one catch while using the as keyword though, the as keyword only works for reference types or nullable types, which is understandable since it either returns the casted object or null and there no option to return null in case of failure for non nullable type (value type), it can’t be used there.

 

In summary, we should try to use as wherever possible as checking for null is definitely preferred as compared to throwing an exception, however if we must use type casting we should catch the specific InvalidCastException for better performance.

 

Although there is not much to the source code, regardless it could be found at github

 

Any questions, suggestion or feedback is always welcome.

Jigsaw Ransomeware featured

A brand new breed of ransomware has ramped up the sport in an evil means by threatening to delete user files if they refuse to drop and pay the ransom.

The malware, dubbed Jigsaw, is one in all the newest entries into the ransomware family learned by researchers.

Jigsaw, otherwise called the at one time branded BitcoinBlackmailer. exe, was engineered on March 23rd 2016 and was discharged into the wild solely every week later. Once a victim downloading the malware, the harmful code encrypts user knowledge and creates a fastened screen rather than the private laptop, within the typical manner of ransomware. Users square measure then control to ransom and asked to pay a payment in virtual forex to retrieve their content.

However, in step with Forcepoint researchers, this ransomware not solely encrypts files, however it threatens users with a enumeration by displaying the face of Billy the Puppet from the worry flick Saw, victims are told files are chosen by the hour for deletion if the ransom isn’t paid.

The threatening notice says that in the primary day, solely a couple of files are erased, however following now, many thousand are removed on a daily basis for missing payment. If users try to shut the system or shut down the pc, Jigsaw tells users one thousand files are deleted on startup “as a social control. ”

Jigsaw Countdown

Jigsaw Countdown

 

Yet , the code isn’t specifically refined. As Jigsaw is written in. NET, the team were ready to reverse engineer the malware’s code and tear out the encoding key used by Jigsaw to secure away user files — moreover as find each one of the a hundred Bitcoin addresses accustomed store ransomware repayments.

In the video below, you’ll be able to observe however the ransomware behaves every system is compromised — and also the creepy message victims given to force those to pay.

 

The infection rates are tiny and therefore the come looks to be poor. However, the practicality of this new variety of ransomware remains value noting. As law-breaking becomes additional refined and tools are developed, even those with an absence of talent will take advantage and Jigsaw could be a prime example of however ransomware could find yourself evolving on a wider scale within the future.

 

The new ransomeware first discovered by @Trojan7Sec. Once it encrypts all the data on your system then you would see the following message

OphionLocker Screen Message

OphionLocker Screen Message

 

It also add a textfile on your desktop with the details of making the payment and collecting the decryption key

OphionLocker Text

OphionLocker Text

 

The payment website looks like below

 

Ransom Page

Ransom Page

 

 

Fake Ransom

Fake Ransom

This ransomware does not securely delete your files or remove the shadow volume copies so it is still possible to recover your files using a file recovery tool or a program like Shadow Explorer.

 

More information on this can be found @trojan7malware.blogspot.co.uk

K-Cup

Do you use Keurig 2.0 or know anyone who does?

Keurig 2.0

Keurig 2.0

Then you might interested in knowing that the Keurig 2.0 Coffee Maker contains a vulnerability in which the authenticity of coffee pods (commonly known as K-Cups) uses weak verification methods and which could be subject to a spoofing attack through re-use of a previously verified K-Cup.

K-Cup

K-Cup

The complete hack is demonstrated at a video below:

The complete details of the vulnerability can be found at caffeinesecurity

This information is for educational purposes only. Please do not use it for any illegal purposes.

Make sure you patch your system to fix the kernel-mode driver vulnerability. This vulnerability could allow remote code execution in the following Windows Operating systems

 

  • Windows Server 2003
  • Windows Server 2008
  • Windows Server 2008 R2
  • Windows Server 2012
  • Windows Server 2012 R2
  • Windows 7
  • Windows 8
  • Windows 8.1

 

You will find more details about the vulnerability and its fix here at Microsoft.com