blocklists

AppWizard
January 26, 2026
A recent poll showed that 65% of Android users block ads using the Private DNS feature, 19% use third-party apps like Blokada, 12% do not block ads at all, and 5% employ alternative solutions. The Private DNS feature allows users to specify a DNS provider for content control but may face challenges like website accessibility issues. In contrast, ad-blocking apps like Blokada use multiple blocklists and Android's VPN service for real-time filtering, offering more customization and control over ad-blocking preferences, though they may consume battery and require manual restarts on some devices. The choice between Private DNS and ad-blocking apps depends on individual user preferences and needs.
Winsage
October 20, 2025
A firewall acts as a barrier against threats to devices, with most operating systems including one for basic protection. The Windows Defender Firewall has a complex interface, but it features a powerful packet filtering engine. Simplewall is a standalone network filtering application built on the Windows Filtering Platform (WFP) that offers users straightforward control over network traffic. It includes a rules editor that allows users to manage applications and services, enabling them to block or allow specific traffic easily. Users can create custom rules based on protocol, ports, or IP addresses, which is particularly useful in home lab environments. Simplewall also provides an OS-level blacklist to limit Microsoft's data collection and can block known advertising and tracking IPs. It is compatible with various Windows versions, including Windows 7 and ARM64 architecture, and can filter traffic from the Windows Subsystem for Linux (WSL). Simplewall is available in a portable version, does not log telemetry data, and is open-source. However, users must manage rules carefully, as blocking critical services can lead to connectivity issues. The development of Simplewall is supported by a community that contributes to its improvement.
Tech Optimizer
September 2, 2025
The Chinese threat group Silver Fox has exploited the WatchDog Antimalware driver to disable antivirus and endpoint detection tools as part of a strategy called "Bring Your Own Vulnerable Driver." They have also targeted the Zemana Anti-Malware driver (ZAM.exe) to ensure compatibility across Windows 7, 10, and 11. Initial infection methods are speculated to involve phishing or social engineering. The attackers used infrastructure in China to host loader binaries with anti-analysis features, which included hardcoded lists of targeted security processes for termination and facilitated the deployment of ValleyRAT malware. Check Point Research noted that the exploitation of the WatchDog driver has evolved, prompting WatchDog to release an update for a local privilege escalation flaw, although concerns about arbitrary process termination persist. IT teams are advised to update blocklists, implement YARA detection rules, and monitor network traffic to mitigate risks.
Winsage
August 30, 2025
In mid-2025, a campaign attributed to the Silver Fox Advanced Persistent Threat (APT) began exploiting a vulnerable Microsoft-signed WatchDog Antimalware driver (amsdk.sys, version 1.0.600) to compromise modern Windows environments. The attackers use the driver's arbitrary process termination capability to bypass endpoint detection and antivirus protections on fully patched Windows 10 and 11 systems. The attack starts with a loader that checks for virtual machines and sandboxes before dropping two drivers into a new directory. These drivers are registered as kernel services, and the loader ensures persistence. The campaign's logic then terminates security service processes by exploiting the driver's vulnerabilities, allowing the injection of a ValleyRAT downloader module that connects to Chinese-hosted C2 servers. After the vulnerability was disclosed, a patched driver (wamsdk.sys, version 1.1.100) was released, but Silver Fox adapted by modifying the driver's signature timestamp to evade detection while maintaining the signature's validity.
AppWizard
June 3, 2025
Recent developments in browser technology have raised concerns about user privacy and data tracking by companies like Meta and Yandex. In response, several Android browsers are enhancing user privacy by blocking abusive JavaScript linked to web trackers. DuckDuckGo has implemented measures to block domains and IP addresses associated with trackers, preventing the transmission of identifiers to Meta and restricting access to Yandex Metrica. Following feedback, DuckDuckGo's developers updated their blacklist to include missing addresses. The Brave browser uses extensive blocklists to prevent identifier sharing and blocks requests to localhost without user consent. Vivaldi forwards identifiers to local Android ports by default but allows users to adjust settings to block trackers. Researchers warn that these solutions may not be foolproof and emphasize the ongoing challenge of maintaining effective blocklists. Chrome and most other Chromium-based browsers execute JavaScript as intended by Meta and Yandex, while Firefox has faced challenges with SDP munging and has not yet announced plans to address this behavior.