command-line

AppWizard
May 14, 2025
Since April 2024, the threat actor Marbled Dust has been exploiting a zero-day vulnerability (CVE-2025-27920) in the Output Messenger chat application against accounts on servers that had not yet received a fix. The campaign has collected sensitive data from users in Iraq, specifically targets linked to the Kurdish military; Microsoft assesses this with high confidence and notes that Marbled Dust first performs reconnaissance to identify organizations running Output Messenger. Microsoft notified the application's developer, Srimax, and a software update has since been released. A second vulnerability (CVE-2025-27921) was also found, but no exploitation of it has been observed. The zero-day allows an authenticated user to upload files into the server's startup directory; Marbled Dust used it to drop a backdoor, OMServerService.vbs, which runs at startup and gives the actor indiscriminate access to communications and other sensitive data. The attack chain begins with access to the Output Messenger Server Manager, likely obtained through DNS hijacking or other credential-interception techniques. With that access the actor exploits the flaw to drop further files, including a GoLang backdoor that connects to a Marbled Dust command-and-control domain for exfiltration. Microsoft recommends updating Output Messenger to the latest version, enabling the usual protective features, and running a rigorous vulnerability-management process. Microsoft Defender XDR customers can surface related activity through alerts tied to Marbled Dust and through advanced hunting queries. Indicators of compromise include traffic to the domain api.wordinfos[.]com; a practical first check is the Output Messenger server's startup directory for OMServerService.vbs and DNS or proxy logs for that domain.
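The two indicators above can be hunted for with a short script. The following is an added example, not Microsoft's or Srimax's code: it looks for OMServerService.vbs (and any other stray script) in the Output Messenger server's startup directory and for the C2 domain in DNS or proxy log lines. The directory layout and the log lines are constructed for the demo; the list of "script" extensions that should never appear in that directory is an assumption.

```python
"""IOC hunt for the Marbled Dust / Output Messenger activity summarised above.

Added example, not Microsoft's or Srimax's code. It checks the two indicators
the advisory names: OMServerService.vbs dropped in the Output Messenger
server's startup directory, and DNS/proxy traffic to api.wordinfos[.]com.
The startup-directory layout and log lines below are constructed for the demo.
"""
import re
import tempfile
from pathlib import Path

IOC_DOMAIN = "api.wordinfos.com"        # C2 domain from the advisory (defanged there)
IOC_FILENAME = "omserverservice.vbs"    # dropped backdoor, compared case-insensitively
# Assumption: no legitimate script belongs in the server's startup directory.
SCRIPT_SUFFIXES = {".vbs", ".js", ".bat", ".cmd", ".ps1"}

# The C2 domain or any subdomain of it, bounded so that e.g. notapi.wordinfos.com
# or api.wordinfos.com.evil.test does not match.
_DOMAIN_RE = re.compile(
    r"(?i)(?:^|[^a-z0-9.-])((?:[a-z0-9-]+\.)*" + re.escape(IOC_DOMAIN) + r")"
    r"(?![a-z0-9-]|\.[a-z0-9-])"
)


def scan_startup_dir(startup_dir):
    """Return [(path, reason)] for files that should not be in the startup dir."""
    hits = []
    for path in sorted(Path(startup_dir).iterdir()):
        if not path.is_file():
            continue
        if path.name.lower() == IOC_FILENAME:
            hits.append((path, "known Marbled Dust backdoor name"))
        elif path.suffix.lower() in SCRIPT_SUFFIXES:
            hits.append((path, "unexpected script in startup directory"))
    return hits


def scan_log_lines(lines):
    """Return [(line_no, domain)] for log lines that reference the C2 domain."""
    hits = []
    for line_no, line in enumerate(lines, 1):
        match = _DOMAIN_RE.search(line)
        if match:
            hits.append((line_no, match.group(1).lower()))
    return hits


# Constructed sample: a benign lookup, a DNS query and a proxy CONNECT to the
# C2 domain from the same host, and a look-alike domain that must not match.
SAMPLE_LOG = [
    "2025-05-01T10:02:11Z dns host=OMS-SRV01 qname=login.microsoftonline.com type=A",
    "2025-05-01T10:02:15Z dns host=OMS-SRV01 qname=api.wordinfos.com type=A",
    "2025-05-01T10:02:16Z proxy host=OMS-SRV01 CONNECT dst=api.wordinfos.com:443",
    "2025-05-01T10:03:00Z dns host=WS-17 qname=notapi.wordinfos.com type=A",
]


def build_demo_startup_dir():
    """Create a throwaway startup directory with one backdoor, one stray script
    and two harmless files (constructed data for the demo)."""
    root = Path(tempfile.mkdtemp(prefix="oms-startup-"))
    (root / "OMServerService.vbs").write_text("' backdoor stand-in\n")
    (root / "updater.bat").write_text("@echo off\n")
    (root / "desktop.ini").write_text("[.ShellClassInfo]\n")
    (root / "readme.txt").write_text("nothing to see\n")
    return root


if __name__ == "__main__":
    import sys
    # Pass the real startup directory as the first argument on a live server.
    startup = Path(sys.argv[1]) if len(sys.argv) > 1 else build_demo_startup_dir()
    for path, reason in scan_startup_dir(startup):
        print(f"[file] {path}: {reason}")
    for line_no, domain in scan_log_lines(SAMPLE_LOG):
        print(f"[log ] line {line_no}: contact with {domain}")
```

On a real host, feed the script the server's actual startup directory and your DNS or proxy export; a hit on the file name is strong evidence, while the domain match is worth correlating with the process that made the connection.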
Tech Optimizer
May 13, 2025
ClamAV is a free, open-source antivirus engine whose code is open to public scrutiny, which lets users verify what it does rather than take a vendor's word for it. It runs on Linux, Windows, and macOS and is well suited to self-hosted servers and virtual machines. It ships with SigTool for inspecting and managing the signature database and ClamBC, the compiler for bytecode signatures that allow more dynamic detection logic than static patterns. ClamAV is driven from the command line, which may be intimidating for some users, and needs initial configuration (including fetching signatures) before it is useful. Its scanning is thorough but may be slower than other antivirus products. It is recognized for detecting a wide array of threats at no cost.
Winsage
May 13, 2025
Cloud-hosted assistants such as ChatGPT and Copilot dominate everyday AI use, but some users, especially developers, prefer to run large language models (LLMs) locally, and Ollama is one way to do that. Hardware needs scale with model size and a GPU is strongly advised: the article cites Google's Gemma 3 at 2.3GB of VRAM for the 1 billion parameter model and over 9GB for the 4 billion parameter version, with Meta's Llama 3.2 in the same range, so a modern PC with at least 8GB of RAM and a dedicated GPU is a reasonable baseline. On Windows 11, download the installer from the official website or GitHub and run it. Ollama then runs in the background, shown as a taskbar icon, and answers on localhost:11434, which you can confirm in a browser. That endpoint is an unauthenticated HTTP API, so leave it bound to localhost unless you deliberately put access controls in front of it. Ollama is driven from a shell such as PowerShell or WSL: "ollama pull" downloads a model and "ollama run" starts it, for example "ollama pull gemma3:1b" for the 1 billion parameter Gemma 3. Running a model opens a chat prompt in the terminal; type "/bye" to exit. Setup is straightforward and requires little technical expertise.
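Beyond the CLI, the same local server can be scripted. The following is an added example, not Ollama's own code: it uses Ollama's documented HTTP API on localhost:11434 (GET /api/tags to list models, POST /api/generate with newline-delimited JSON streaming) and starts with the check a security engineer wants first, that the OLLAMA_HOST setting keeps the unauthenticated API on loopback. The streamed lines at the bottom are constructed so the parsing runs offline; the network functions need a running Ollama.

```python
"""Talking to a local Ollama instance from Python.

Added example, not Ollama's own code. Uses Ollama's documented HTTP API
(GET /api/tags, POST /api/generate streaming NDJSON) and checks that the
OLLAMA_HOST bind address stays on loopback, because the API has no
authentication of its own. SAMPLE_STREAM is constructed for offline use.
"""
import json
import os
import urllib.request

DEFAULT_HOST = "127.0.0.1:11434"   # Ollama's default bind address
LOOPBACK = {"127.0.0.1", "localhost", "::1"}


def is_loopback_binding(ollama_host=None):
    """True if OLLAMA_HOST (or the default) keeps the API on loopback.
    Accepts 'host', 'host:port' or 'scheme://host:port', as Ollama does."""
    value = ollama_host if ollama_host is not None else os.environ.get("OLLAMA_HOST", DEFAULT_HOST)
    value = value.split("://", 1)[-1]
    if value.startswith("["):                      # bracketed IPv6 literal, e.g. [::1]:11434
        host = value[1:value.index("]")]
    else:
        host = value.rsplit(":", 1)[0] if value.count(":") == 1 else value
    return host in LOOPBACK


def model_names(tags_payload):
    """Model names from a decoded GET /api/tags response body."""
    return [m["name"] for m in tags_payload.get("models", [])]


def assemble_stream(ndjson_lines):
    """Join the 'response' fragments of a streamed /api/generate reply.
    Returns (text, final_chunk); final_chunk is the object with done=true
    and carries the timing and token counts."""
    parts, final = [], None
    for raw in ndjson_lines:
        raw = raw.strip()
        if not raw:
            continue
        chunk = json.loads(raw)
        parts.append(chunk.get("response", ""))
        if chunk.get("done"):
            final = chunk
            break
    return "".join(parts), final


def list_models(base="http://127.0.0.1:11434", timeout=10):
    """Names of locally pulled models (needs a running Ollama)."""
    with urllib.request.urlopen(f"{base}/api/tags", timeout=timeout) as resp:
        return model_names(json.load(resp))


def generate(model, prompt, base="http://127.0.0.1:11434", timeout=120):
    """Stream a completion from a running Ollama and return (text, final_chunk)."""
    body = json.dumps({"model": model, "prompt": prompt, "stream": True}).encode()
    req = urllib.request.Request(f"{base}/api/generate", data=body,
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return assemble_stream(line.decode() for line in resp)


# Constructed sample of what /api/generate streams back (one JSON object per line).
SAMPLE_STREAM = [
    '{"model":"gemma3:1b","response":"Hello","done":false}',
    '{"model":"gemma3:1b","response":" from","done":false}',
    '{"model":"gemma3:1b","response":" Gemma.","done":false}',
    '{"model":"gemma3:1b","response":"","done":true,"total_duration":812345678,"eval_count":4}',
]

if __name__ == "__main__":
    if not is_loopback_binding():
        print("warning: OLLAMA_HOST exposes the unauthenticated API beyond this machine")
    text, final = assemble_stream(SAMPLE_STREAM)
    print(text, "| tokens:", final["eval_count"])
    # With Ollama running: print(list_models()); print(generate("gemma3:1b", "Say hi")[0])
```

Setting OLLAMA_HOST to 0.0.0.0 is the usual way people accidentally expose a model server to the LAN; the binding check is cheap to keep in any wrapper script.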
Tech Optimizer
May 12, 2025
A security researcher has released a tool called defendnot that disables Windows Defender by using undocumented Windows Security Center (WSC) APIs to register a dummy antivirus product, so that Defender stands down as it would for any third-party AV. It is a successor to the no-defender project, which was taken down after a DMCA complaint. The developer reverse-engineered WSC's validation checks and chose Taskmgr.exe, a Microsoft-signed process that passes those checks, as the host into which the code is loaded. Defendnot persists across reboots by adding itself to Windows autorun and exposes a command-line interface with options to disable Windows Defender and Windows Firewall. Unlike its predecessor, it contains no third-party antivirus code. Disabling protection this way should only be done in controlled lab environments by people who understand the consequences; on a production host, an unexpected autorun entry pointing at this tool is itself an indicator worth investigating.
Winsage
May 10, 2025
The author has used Linux, specifically Ubuntu Server, for over a decade for cloud deployments, game server management, and media streaming. They do most daily work on a MacBook but keep a Windows PC for gaming and run Windows Subsystem for Linux (WSL) on it to have a Linux shell at hand. They have configured Windows Terminal to manage multiple command-line shells, including Windows PowerShell, Command Prompt, and WSL, within a single application. Windows Terminal is pre-installed on Windows 11 version 22H2 or later and can be downloaded from the Microsoft Store for earlier versions. The author's setup opens a WSL environment by default and includes profiles for Command Prompt, PowerShell, and the Developer Command Prompts. They have customized the experience by trimming trailing whitespace when pasting, reordering tabs, hiding the title bar, and using the Dark theme with the Monokai Remastered color scheme and the JetBrains Mono font. The WSL profile is set to open an Ubuntu shell directly. Windows Terminal lets the author connect to Proxmox hosts or virtual machines via SSH and manage several systems across tabs. It also offers a "Quake" mode, a drop-down terminal for quick commands, and the ability to bind custom actions to keyboard shortcuts. The author plans to add SSH profiles for easier server connections.
Winsage
May 9, 2025
Microsoft's WinGet is a command-line tool for managing software on Windows, allowing users to install, update, list, and uninstall applications. UniGetUI is an open-source graphical user interface that enhances WinGet's functionality, making it easier for users to manage software without using the command line. UniGetUI supports various package managers and features batch operations, automatic updates, and custom installation options. To install UniGetUI, users can execute the command winget install --exact --id MartiCliment.UniGetUI --source winget or download it from the Microsoft Store. Users can easily navigate its interface to discover, install, and uninstall packages.
Winsage
May 7, 2025
Windows users often experience limitations with File Explorer, which can be slow and cumbersome. Yazi is an alternative file management tool built using Rust, designed for speed and reliability. It operates asynchronously, preventing freezes and inefficiencies, and features a minimalist terminal interface for efficient file management. Yazi is accessible for both power users and beginners, allowing navigation with arrow keys and mouse interactions. It includes advanced features such as batch renaming, multi-tab support, and scrollable previews for various file types. The command-line tool “ya” enhances plugin management and customization options, allowing users to adjust appearance and functionality. Yazi is available for download on GitHub.
Winsage
May 7, 2025
Software engineer Sven Scharmentke, known as Svnscha, has released mcp-windbg, an open-source Model Context Protocol (MCP) server for crash dump analysis, on GitHub. It lets an AI assistant drive Microsoft's console debugger, CDB, running the WinDbg/CDB commands on the assistant's behalf to speed up debugging. Scharmentke describes the hardest part of development as the interaction layer with CDB itself. The tool supports natural-language crash analysis, contextual debugging, and root-cause identification for software engineers and support teams. Users still need a foundational understanding of debugging, since the tool is, in the author's words, a "simple Python wrapper around CDB": it makes the debugger easier to drive, not the results easier to interpret.
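To make the "wrapper around CDB" idea concrete, here is an added example that is not Scharmentke's code: it runs cdb.exe non-interactively against a dump (-z <dump> and -c "<commands>" are cdb's real switches, with a trailing q so it exits) and pulls the headline fields out of the `!analyze -v` output. The sample output at the bottom is constructed to show the layout the parser assumes (KEY: value lines and a STACK_TEXT block ended by a blank line); that layout is an assumption about typical output, not something the tool guarantees.

```python
"""A minimal CDB wrapper of the kind mcp-windbg builds on.

Added example, not Svnscha's code. Runs Microsoft's console debugger, cdb.exe,
non-interactively against a crash dump and extracts the headline fields of
`!analyze -v`. SAMPLE_OUTPUT is constructed; the KEY: value / STACK_TEXT
layout the parser expects is an assumption about typical output.
"""
import re
import shutil
import subprocess

KEY_RE = re.compile(r"^([A-Z][A-Z0-9_]+):\s*(.*)$")
HEADLINE_KEYS = ("PROCESS_NAME", "EXCEPTION_CODE", "FAULTING_IP", "FAILURE_BUCKET_ID")


def run_cdb(dump_path, commands=("!analyze -v",), cdb="cdb", timeout=300):
    """Run cdb on a dump with the given commands and return its stdout.
    Needs cdb.exe from Debugging Tools for Windows on PATH."""
    if shutil.which(cdb) is None:
        raise FileNotFoundError(f"{cdb} not found; install Debugging Tools for Windows")
    script = "; ".join(commands) + "; q"          # 'q' so cdb exits instead of prompting
    proc = subprocess.run([cdb, "-z", str(dump_path), "-c", script],
                          capture_output=True, text=True, timeout=timeout)
    return proc.stdout


def parse_analyze(output):
    """Extract KEY: value pairs and the STACK_TEXT block from !analyze -v output.
    FAULTING_IP prints its value on the following line, so an empty value is
    taken from the next line."""
    fields, stack = {}, []
    lines = output.splitlines()
    i = 0
    while i < len(lines):
        m = KEY_RE.match(lines[i])
        if m:
            key, value = m.group(1), m.group(2).strip()
            if key == "STACK_TEXT":               # frames follow until a blank line
                i += 1
                while i < len(lines) and lines[i].strip():
                    stack.append(lines[i].strip())
                    i += 1
                continue
            if not value and i + 1 < len(lines):
                value = lines[i + 1].strip()
                i += 1
            fields[key] = value
        i += 1
    return {"fields": fields, "stack": stack}


def summarize(parsed):
    """One-line triage summary: headline keys plus the top stack frame."""
    f = parsed["fields"]
    top = parsed["stack"][0].split(" : ")[-1] if parsed["stack"] else "?"
    return " | ".join(f"{k}={f.get(k, '?')}" for k in HEADLINE_KEYS) + f" | top={top}"


# Constructed stand-in for cdb's output on a null-pointer read in app.exe.
SAMPLE_OUTPUT = """\
Microsoft (R) Windows Debugger Version 10.0.22621.1 AMD64
Loading Dump File [C:\\dumps\\app.dmp]
0:000> !analyze -v
*******************************************************************************
*                        Exception Analysis                                   *
*******************************************************************************

FAULTING_IP: 
app!ParseHeader+0x2c
00007ff6`4a0c102c 8b08            mov     ecx,dword ptr [rax]

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p.

PROCESS_NAME:  app.exe

STACK_TEXT:  
000000ce`5e8ff5a0 00007ff6`4a0c1180     : app!ParseHeader+0x2c
000000ce`5e8ff5e0 00007ff6`4a0c12f0     : app!HandleRequest+0x60
000000ce`5e8ff620 00007ffd`1a2b7374     : app!main+0x1a0

FAILURE_BUCKET_ID:  NULL_POINTER_READ_c0000005_app.exe!ParseHeader
0:000> q
quit:
"""

if __name__ == "__main__":
    import sys
    # Pass a .dmp path to run the real debugger; otherwise parse the sample.
    output = run_cdb(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_OUTPUT
    print(summarize(parse_analyze(output)))
```

The point of splitting run_cdb from parse_analyze is the one the article makes about mcp-windbg: the debugger does the analysis and the wrapper only structures its text, so whoever reads the summary still has to know what an access violation in ParseHeader means.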
Tech Optimizer
May 5, 2025
pgpro_tune is a command-line utility that produces an initial server configuration for Postgres Pro based on the hardware it finds. It inspects the server for key hardware details, runs those values through shell scripts that encode tuning expertise, and emits recommended settings covering memory management, autovacuum tuning, connection limits, and statistics collection. The utility appends these settings to postgresql.conf; because PostgreSQL honours the last occurrence of a parameter in the file, the appended values take precedence over the defaults above them. pgpro_tune ships with presets for different use cases and lets database administrators define their own. It runs automatically during cluster initialization and can be run manually at any time, with changes applied through the standard PostgreSQL reload or restart mechanisms. The aim is to streamline initial tuning, reduce the risk of misconfiguration, and improve performance out of the box, without replacing expert tuning for specialized workloads.
Winsage
May 2, 2025
Microsoft has released version 2504 of Validation OS, a streamlined version of Windows 11 designed for hardware validation, error diagnosis, and quality control in Windows device production. This version includes enhancements in .NET support, driver management, and USB boot capabilities. It operates through a command-line interface (CLI) and supports Win32 applications. Key features of the 2504 release include support for WPF applications via the Microsoft-WinVOS-WPF-Support package, inclusion of Surface Dock drivers, improved USB boot functionality with RAM disk size configuration through DISM, separation of CJK fonts from the general font package, and an upgrade to the latest .NET implementation. Some known issues remain, such as instability with Bluetooth and Serial Console packages on ARM64 systems. The update builds on previous releases that added features like the Out of Box Experience (OOBE) and Hyper-V-compatible VHDX images. Validation OS is not intended for end users but benefits manufacturers and IT professionals in hardware production and validation. The latest build is available for download from Microsoft's official page.