ACME demo bundle of PHP framework Symfony2

ACME is a fictional company from the Looney Tunes Cartoon series.

ACME means a company that makes everything.

Symfony team has used this name as a sample project. This project is named ACMEDemoBundle.

This project has been used in Symfony manuals, tutorials and books to properly explain the framework in a near real scenario.

How to install phpUnit on Windows?

1. Install Composer-Exe from link

2. Edit/Create composer.json into C:\cygwin64\home\Administrator

3. Add below dependency to composer.json

{
“require-dev”: {
“phpunit/phpunit”: “3.7.*”
}
}

3. run cmd command -> composer install -dev, below output will ensure phpUnit installation.

composer install -dev
Loading composer repositories with package information
Installing dependencies (including require-dev)
– Installing symfony/yaml (v2.5.7)
Downloading: 100%

– Installing phpunit/php-text-template (1.2.0)
Downloading: 100%

– Installing phpunit/phpunit-mock-objects (1.2.3)
Downloading: 100%

– Installing phpunit/php-timer (1.0.5)
Downloading: 100%

– Installing phpunit/php-token-stream (1.2.2)
Downloading: 100%

– Installing phpunit/php-file-iterator (1.3.4)
Downloading: 100%

– Installing phpunit/php-code-coverage (1.2.18)
Downloading: 100%

– Installing phpunit/phpunit (3.7.38)
Downloading: 100%

phpunit/phpunit-mock-objects suggests installing ext-soap (*)
phpunit/php-code-coverage suggests installing ext-xdebug (>=2.0.5)
phpunit/phpunit suggests installing phpunit/php-invoker (~1.1)
Writing lock file
Generating autoload files

Are you sure, you were only two in the last phone call you just disconnected, there was not a third guy, Regin.

There is a new malware looking for your information like tele conversation, chatting, called Regin. It is considered to be a mass surveillance and data collection tool. This tool  target both companies and individuals. Experts believe that this program is the work of a nation-state.

This is an advanced spying tool, it displays a degree of technical competence rarely seen and has been used in spying operations against governments, infrastructure operators, businesses, researchers, and private individuals.

As outlined in a new technical whitepaper from Symantec, Backdoor.Regin is a multi-staged threat and each stage is hidden and encrypted, with the exception of the first stage.  Executing the first stage starts a domino chain of decryption and loading of each subsequent stage for a total of five stages.  Each individual stage provides little information on the complete package. Only by acquiring all five stages is it possible to analyze and understand the threat.

Regin infections have been observed in a variety of organizations between 2008 and 2011, after which  it was abruptly withdrawn. A new version of the malware resurfaced from 2013 onwards. Targets include private companies, government entities and research institutes. Almost half of all infections  targeted private individuals and small businesses. Attacks on telecoms companies appear to be designed to gain access to calls being routed through their infrastructure.

Stealth
Regin’s developers put considerable effort into making it highly inconspicuous. Its low key nature means it can potentially be used in espionage campaigns lasting several years. Even when its presence is detected, it is very difficult to ascertain what it is doing. Symantec was only able to analyze the payloads after it decrypted sample files.

It has several “stealth” features. These include anti-forensics capabilities, a custom-built encrypted virtual file system (EVFS), and alternative encryption in the form of a variant of RC5, which isn’t commonly used. Regin uses multiple sophisticated means to covertly communicate with the attacker including via ICMP/ping, embedding commands in HTTP cookies, and custom TCP and UDP protocols.

Conclusions
Regin is a highly-complex threat which has been used in systematic data collection or intelligence gathering campaigns. The development and operation of this malware would have required a significant investment of time and resources, indicating that a nation state is responsible. Its design makes it highly suited for persistent, long term surveillance operations against targets.

The discovery of Regin highlights how significant investments continue to be made into the development of tools for use in intelligence gathering. Symantec believes that many components of Regin remain undiscovered and additional functionality and versions may exist.  Additional analysis continues and Symantec will post any updates on future discoveries

What is ryujit?

It is a code name for a new x64bit JIT compiler being developed by Microsoft.

A new, next-generation x64 JIT compiler that compiles code twice as fast is ready to change your impressions of 64-bit .NET code

The traditonal 64-bit JIT currently in .NET isn’t always fast to compile your code, meaning you have to rely on other technologies such as NGen or background JIT to achieve fast program startup.

This new JIT is twice as fast, meaning apps compiled with RyuJIT start up to 30% faster (Time spent in the JIT compiler is only one component of startup time, so the app doesn’t start twice as fast just because the JIT is twice as fast.) Moreover, the new JIT still produces great code that runs efficiently throughout the long run of a server process.