command-line

Winsage
March 3, 2026
A critical local privilege escalation vulnerability, tracked as CVE-2026-20817, affects Microsoft Windows through the Windows Error Reporting (WER) service. This flaw allows authenticated users with low-level privileges to execute arbitrary code with full SYSTEM privileges. The vulnerability resides in the SvcElevatedLaunch method (0x0D), which fails to validate user permissions, enabling attackers to launch WerFault.exe with malicious command-line parameters from a shared memory block. The vulnerability affects all versions of Windows 10 and Windows 11 prior to January 2026, as well as Windows Server 2019 and 2022. Microsoft addressed this vulnerability in the January 2026 Security Update. Organizations are advised to apply security patches and monitor for unusual WerFault.exe processes.
Tech Optimizer
February 28, 2026
The video tutorial explores two methods for migrating PostgreSQL databases from DigitalOcean to AWS. The first method uses native PostgreSQL CLI tools (pg_dump and pg_restore) for smaller databases. The second method employs AWS Database Migration Service (DMS) for larger databases, allowing for a seamless transition with minimal downtime. Key steps in the DMS process include creating replication instances, setting up endpoints, and configuring migration tasks. The video is divided into chapters covering both migration methods.
Tech Optimizer
February 24, 2026
A cyber operation is targeting users of Huorong Security antivirus software through a typosquatted domain, huoronga[.]com, which mimics the legitimate site huorong.cn. Users who mistakenly visit the counterfeit site may download a file named BR火绒445[.]zip, which contains a trojanized installer that leads to the installation of ValleyRAT, a remote access trojan. The malware employs various techniques to evade detection, including using an intermediary domain for downloads, creating Windows Defender exclusions, and establishing a scheduled task for persistence. The backdoor facilitates activities such as keylogging and credential access while disguising its operations within legitimate processes like rundll32.exe. Attribution points to the Silver Fox APT group, and there has been a significant increase in ValleyRAT samples documented in recent months. Security measures include ensuring software downloads are from the official site and monitoring for specific malicious activities.
Winsage
February 22, 2026
Microsoft has introduced a new command line interface for the Microsoft Store, accessible through PowerShell by typing "store." Users must have all current Windows 11 updates installed for functionality. The interface features ASCII art and a list of sub-commands, allowing users to search, install, and update software with minimal keystrokes. Users can install applications without needing to remember exact names, and commands like "store install firefox" yield accurate results. Limitations include the inability to install applications not available in the Microsoft Store. Users can also search for apps, gain insights into specific applications, and browse categories. The command "store updates" allows users to manage application updates efficiently.
Winsage
February 21, 2026
Microsoft has introduced a new command line interface for the Microsoft Store that allows users to bypass the traditional interface for app installation and management. Users can access this feature by launching PowerShell and typing “store.” If the command doesn't work, ensuring Windows 11 updates are current may resolve the issue. The interface includes an ASCII art display and a list of sub-commands for searching, installing, and updating software with minimal keystrokes. Users can install applications by typing commands like “store install firefox,” which searches for the app and provides relevant information. The tool can only install apps available in the Microsoft Store, excluding some popular options. Users can also use commands like “store search” and “store browse-apps” to explore available applications. Additionally, the command “store updates” allows users to install all pending Store updates collectively or update individual apps. This new command line approach aims to enhance the speed and efficiency of software management on Windows.
Winsage
February 13, 2026
Security researcher Wietze Beukema revealed vulnerabilities in Windows LNK shortcut files at the Wild West Hackin' Fest, which could allow attackers to deploy harmful payloads. He identified four undocumented techniques that manipulate these shortcut files, obscuring malicious targets from users. The vulnerabilities exploit inconsistencies in how Windows Explorer handles conflicting target paths, allowing for deceptive file properties. One technique involves using forbidden Windows path characters to create misleading paths, while another manipulates LinkTargetIDList values. The most sophisticated method alters the EnvironmentVariableDataBlock structure to present a false target in the properties window while executing malicious commands in the background. Microsoft declined to classify the EnvironmentVariableDataBlock issue as a security vulnerability, stating that exploitation requires user interaction and does not breach security boundaries. They emphasized that Windows recognizes shortcut files as potentially dangerous and provides warnings when opening them. However, Beukema noted that users often ignore these warnings. The vulnerabilities share similarities with CVE-2025-9491, which has been exploited by various state-sponsored and cybercrime groups. Microsoft initially did not address CVE-2025-9491 but later modified LNK files to mitigate the vulnerability after it was widely exploited.
Winsage
February 13, 2026
Microsoft has introduced a suite of new developer tools and enhancements for app development on its platform, including:
- A command-line interface (CLI) for the Microsoft Store, allowing developers to discover, install, and update applications directly from the terminal.
- Enhanced developer analytics tools, including an upgraded Health Report with multiple filters and Anomaly Alerts for unusual crash or hang patterns.
- A new Summary Dashboard that highlights key performance indicators and a redesigned Usage Dashboard with richer engagement signals.
- Improvements to the Web Installer for Win32 applications, enabling auto-open capability post-installation and expanded support for enterprise devices to streamline installations.