Winsage
May 10, 2025
Threat actors are exploiting Windows Remote Management (WinRM) to navigate through Active Directory environments stealthily, allowing them to bypass detection systems, escalate privileges, and deploy malicious payloads. WinRM operates on HTTP port 5985 and HTTPS port 5986, enabling remote command execution and management tasks. Attackers can gain access through compromised credentials and use WinRM-enabled PowerShell commands for reconnaissance, deploying payloads while evading detection. The attack chain includes initial access, reconnaissance, payload deployment, persistence, and lateral movement, often utilizing techniques that obfuscate malicious activities. Detecting such attacks is challenging due to the use of built-in Windows functionalities and encrypted channels. Recommended mitigation strategies include monitoring for unusual activity, restricting WinRM access, enforcing credential hygiene, and implementing advanced monitoring solutions.
AppWizard
May 8, 2025
The British YouTube group, The Yogscast, has adapted the social deduction game Blood on the Clocktower within Minecraft, introducing unique characters such as the Wizard, who can transform players into sheep, and the Amnesiac, who must discover their power by finding hidden items in the game world. This adaptation features a collaborative map developed with the Lonely Yogs Discord, including detailed town buildings and houses for players. The community continues to innovate and preserve the essence of the original game through creative adaptations and shared experiences.
Winsage
May 7, 2025
The Play ransomware gang exploited a critical vulnerability in the Windows Common Log File System, identified as CVE-2025-29824, which has a CVSS score of 7.8 and is categorized as a "Use after free" vulnerability. This flaw allows an authorized attacker to elevate privileges locally and has been confirmed to be exploited in real-world attacks. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added it to its Known Exploited Vulnerabilities catalog in April. Microsoft addressed this vulnerability during its April Patch Tuesday security updates, acknowledging its exploitation in limited attacks targeting various sectors in the U.S. and Saudi Arabia. Researchers from Symantec reported that the Play ransomware gang used the CVE-2025-29824 exploit in an attack against a U.S. organization before the public disclosure and patching of the vulnerability. The attackers initially gained entry through a public-facing Cisco ASA firewall and used the Grixba infostealer tool. They deployed tools to gather information, escalated privileges using the CVE-2025-29824 exploit, and executed malicious scripts to steal credentials. The exploit took advantage of race conditions in driver memory handling, allowing kernel access and manipulation of files. Before the patch was released, the exploit was reportedly used by multiple threat actors, and Microsoft linked it to other malware.
Tech Optimizer
May 5, 2025
pgpro_tune is a command-line utility designed to optimize the initial server configuration of Postgres Pro based on hardware specifications. It scans the server to identify key hardware details, processes these values through shell scripts that encapsulate tuning expertise, and generates recommended parameters for PostgreSQL settings, including memory management, autovacuum tuning, connection limits, and statistics collection. The utility appends these settings to the postgresql.conf file, ensuring they override the default settings. pgpro_tune supports various presets for different use cases and allows database administrators to create custom presets. It runs automatically during cluster initialization and can be executed manually at any time, applying changes through standard PostgreSQL methods. This tool aims to streamline the tuning process, reduce the risks of misconfiguration, and enhance performance without replacing the need for advanced tuning in specialized scenarios.
Winsage
April 22, 2025
A security vulnerability identified as CVE-2025-21204 has been discovered in the Windows Update Stack, allowing local attackers to execute unauthorized code and escalate privileges to SYSTEM-level access. This vulnerability, with a CVSS score of 7.8 (High), affects Windows 10 versions 1507, 1607, and 1809, and likely other supported Windows 10/11 and Windows Server versions as well. The flaw arises from a design issue where Windows Update processes do not properly follow directory junctions, enabling attackers with limited user privileges to redirect trusted paths to locations containing malicious code. Microsoft has introduced a mitigation strategy in its April 2025 cumulative update, which includes creating a new folder at the root of system drives and implementing detection rules for suspicious junction creations. Organizations are advised to apply the April 2025 security updates, restrict ACLs on specific directories, prevent symbolic link creation, and monitor file creation activities in certain directories.
Winsage
April 18, 2025
XYplorer is a dual-pane file manager that enhances productivity with its intuitive interface and robust features, allowing simultaneous access to two folders for easier file management. It offers customization options, advanced search capabilities, file previews, batch renaming, and scripting automation. XYplorer is lightweight, providing faster performance and quicker search results compared to Windows File Explorer. It also has a portable version that can run from a flash drive without installation. XYplorer operates as trialware for 30 days, after which users can purchase a license.
Winsage
April 16, 2025
Microsoft has encountered issues in its enterprise sector, particularly involving the unintended release of Windows 11 to devices that do not meet eligibility criteria due to a bug in Intune. This problem has persisted since April 12 and is caused by a "latent code issue" that prevents Intune from enforcing rollout block policies. The bug allows Windows 11 to be available to "ineligible" Windows 10 desktop devices that IT administrators had blocked from receiving the update. Microsoft is working on a targeted code fix and has advised IT administrators to pause Windows feature updates and manually revert affected devices to Windows 10. The number of companies impacted is unclear, and there are no automated solutions available for the rollback process.
AppWizard
April 8, 2025
The Android Studio Translation Plugin is a tool for Android developers that facilitates the localization of applications by integrating directly into Android Studio. Key features include real-time translation previews, batch processing for multiple strings, a translation memory system for consistency, API connectivity with services like Google Translate, and support for over 100 languages. To set up the plugin, developers must install it through Android Studio's plugin marketplace, configure settings for source and target languages, and connect to a translation API. Translating an app involves selecting strings in the strings.xml file and using the plugin to translate them, with real-time updates in the layout editor. The plugin enhances developer workflow by automating localization tasks, reducing the risk of errors, and allowing for simultaneous translations. It also helps maintain translation consistency and improves app quality by identifying missing translations. Real-world use cases demonstrate its effectiveness in scaling applications for international markets, such as an e-commerce app that translated over 500 strings and an educational app that localized content for various Indian languages.
Winsage
March 30, 2025
PowerShell automates repetitive computing tasks, enhancing productivity by offering a faster command-line interface (CLI) compared to traditional graphical user interfaces (GUIs). It simplifies app management, allowing users to reinstall or update applications more effectively than through the Microsoft Store. PowerShell also streamlines file management with the Move-Item cmdlet, which moves files to a new location and removes the original from the source. Users can automate scripts with Task Scheduler for routine tasks, and it supports system maintenance through cmdlets and custom scripts, benefiting both IT administrators and casual users. PowerShell's automation capabilities make it a valuable tool for optimizing computing experiences.