PowerShell

Tech Optimizer
May 13, 2025
ClamAV is a free, open-source antivirus tool that allows public scrutiny of its code, ensuring security and integrity. It is compatible with multiple platforms, including Linux, Windows, and macOS, and is suitable for self-hosted servers and virtual machines. ClamAV includes features like SigTool for managing the virus signature database and ClamBC for advanced dynamic detection capabilities. It operates through a command-based interface, which may be intimidating for some users, and requires initial configuration. Despite its thorough scanning process, it may not perform as quickly as other antivirus solutions. ClamAV is recognized for its ability to identify a wide array of potential threats without financial investment.
Winsage
May 13, 2025
The current landscape of artificial intelligence interactions includes cloud-based tools like ChatGPT and Copilot, but some users, especially developers, prefer running large language models (LLMs) locally. Ollama provides a solution for this preference. To run LLMs effectively, hardware requirements include a GPU, with larger models needing more computational power. For example, Google's Gemma 3 has a 1 billion parameter model requiring 2.3GB of VRAM and a 4 billion parameter version needing over 9GB. Meta's Llama 3.2 has similar requirements. A modern PC with at least 8GB of RAM and a dedicated GPU can utilize Ollama. To install Ollama on Windows 11, users download the installer from the official website or GitHub and follow the installation process. Once installed, it operates in the background, indicated by an icon in the taskbar, and can be accessed via localhost:11434 in a web browser. Ollama primarily uses a command-line interface (CLI), requiring users to use PowerShell or WSL. Key commands include "ollama pull" to install LLMs and "ollama run" to execute them. For instance, to install the 1 billion parameter Google Gemma 3 LLM, users would enter "ollama pull gemma3:1b". Running the models opens a chatbot interface for user interaction, and exiting can be done by typing "/bye". Setting up Ollama is user-friendly and requires minimal technical expertise.
Winsage
May 10, 2025
The author has been using Linux, specifically Ubuntu Server, for over a decade for cloud deployments, game server management, and media streaming. They primarily use a MacBook for daily tasks but also require Windows for gaming on a main PC, utilizing Windows Subsystem for Linux (WSL). The author has configured Windows Terminal to manage multiple command-line shells, including Windows PowerShell, Command Prompt, and WSL, all within a single application. Windows Terminal is pre-installed on Windows 11 version 22H2 or later and can be downloaded from the Microsoft Store for earlier versions. The author's Windows Terminal setup opens a WSL environment by default and includes options for Command Prompt, PowerShell, and Developer Command Prompts. They have customized their experience by removing trailing whitespace when pasting, organizing tab order, hiding the title bar, and using a Dark theme with the Monokai Remastered color scheme and JetBrains Mono font. The WSL configuration is set to access an Ubuntu terminal directly. Windows Terminal allows the author to connect to Proxmox hosts or virtual machines via SSH and supports multiple tabs for managing different systems. It features a "Quake" mode for quick command execution and the ability to create automated tools with keyboard shortcuts. The author plans to explore adding SSH profiles for easier server connections.
Winsage
May 10, 2025
Windows 11, version 24H2 has officially rolled out, but some devices may face installation issues due to unresolved problems. This week features discounts on various apps, with users encouraged to check the Store for offers. BleachBit 5.0 has been updated, enhancing its functionality as a temporary file cleaner and secure file deleter, while discontinuing support for Windows 7 and earlier versions and addressing several DLL vulnerabilities. Sucrose is a new open-source wallpaper tool for Windows that allows users to download animated wallpapers or create their own, including transforming websites into dynamic wallpapers. Winhance 5 is a free utility for customizing Windows, allowing changes to system settings and removal of system apps, with a more intuitive graphical user interface compared to its predecessor.
Winsage
May 10, 2025
Threat actors are exploiting Windows Remote Management (WinRM) to navigate through Active Directory environments stealthily, allowing them to bypass detection systems, escalate privileges, and deploy malicious payloads. WinRM operates on HTTP port 5985 and HTTPS port 5986, enabling remote command execution and management tasks. Attackers can gain access through compromised credentials and use WinRM-enabled PowerShell commands for reconnaissance, deploying payloads while evading detection. The attack chain includes initial access, reconnaissance, payload deployment, persistence, and lateral movement, often utilizing techniques that obfuscate malicious activities. Detecting such attacks is challenging due to the use of built-in Windows functionalities and encrypted channels. Recommended mitigation strategies include monitoring for unusual activity, restricting WinRM access, enforcing credential hygiene, and implementing advanced monitoring solutions.
Winsage
May 9, 2025
Microsoft's WinGet is a command-line tool for managing software on Windows, allowing users to install, update, list, and uninstall applications. UniGetUI is an open-source graphical user interface that enhances WinGet's functionality, making it easier for users to manage software without using the command line. UniGetUI supports various package managers and features batch operations, automatic updates, and custom installation options. To install UniGetUI, users can execute the command "winget install --exact --id MartiCliment.UniGetUI --source winget" or download it from the Microsoft Store. Users can easily navigate its interface to discover, install, and uninstall packages.
Winsage
May 8, 2025
Winhance is a free, open-source application designed to enhance the Windows 11 experience by allowing users to debloat, optimize, and customize their systems. It originated as a PowerShell script and simplifies the installation and customization process for Windows users. Winhance is compatible with certain long-term servicing channel versions of Windows 10 until support ends in October 2025. The application provides an overview of available applications and features for installation or removal, enabling users to uninstall unnecessary Windows apps like Bing search, Copilot, and Microsoft Edge. It also offers alternative browsers such as Brave and DuckDuckGo. The main interface is intuitive, allowing users to easily identify and remove Microsoft applications. While it includes basic customization options, it lacks some popular open-source alternatives but offers storage and security applications like Proton VPN and Proton Drive. Users can initiate the installation process by selecting desired applications and features, and the removal of unwanted features is straightforward. The efficiency of these operations varies based on the number of items selected, but user feedback indicates a responsive process.
Winsage
May 7, 2025
The Play ransomware gang exploited a critical vulnerability in the Windows Common Log File System, identified as CVE-2025-29824, which has a CVSS score of 7.8 and is categorized as a "Use after free" vulnerability. This flaw allows an authorized attacker to elevate privileges locally and has been confirmed to be exploited in real-world attacks. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added it to its Known Exploited Vulnerabilities catalog in April. Microsoft addressed this vulnerability during its April Patch Tuesday security updates, acknowledging its exploitation in limited attacks targeting various sectors in the U.S. and Saudi Arabia. Researchers from Symantec reported that the Play ransomware gang used the CVE-2025-29824 exploit in an attack against a U.S. organization before the public disclosure and patching of the vulnerability. The attackers utilized the Grixba infostealer tool and initially exploited a public-facing Cisco ASA firewall to gain entry. They deployed tools to gather information, escalated privileges using the CVE-2025-29824 exploit, and executed malicious scripts to steal credentials. The exploit took advantage of race conditions in driver memory handling, allowing kernel access and manipulation of files. Before the patch was released, the exploit was reportedly used by multiple threat actors, and Microsoft linked it to other malware.
Winsage
May 6, 2025
Sophia Script is a PowerShell module available on GitHub that simplifies the process of adjusting Windows settings through the command line interface (CLI), offering over 150 regularly updated functions. It provides GUI-based options for managing tasks like telemetry settings, scheduling tasks, and uninstalling OneDrive, allowing users to select multiple tasks at once. The setup process involves opening the main PS1 file in Notepad++, changing the directory, and executing a command from GitHub, with comprehensive instructions available. Users can customize settings by adding or replacing code with a hashtag next to the script they wish to run, and it allows changes to be applied across all user accounts. Sophia Script is particularly useful for configuring new PCs or fresh installations, as it helps remove unnecessary bloatware and streamline system performance. It can uninstall Microsoft apps, including the Windows Copilot app, and has created five scheduled tasks after running, saving time compared to traditional methods. The creator, Farag2, is also developing a GUI version, SophiApp 2.0.