server

Winsage
December 27, 2024
Sophos has reported a 51% increase in the exploitation of "living off the land" binaries (LOLBins) since 2021, with an 83% rise over the past three years. In an analysis of nearly 200 incident response cases in the first half of 2024, 187 distinct Microsoft LOLBins were identified, with remote desktop protocol (RDP) being the most targeted, appearing in 89% of incidents. Compromised credentials are the leading cause of cyberattacks, responsible for 39% of incidents, despite a decrease from 56% in 2023. The LockBit ransomware group remains the most prevalent threat, accounting for 21% of infections. Additionally, 21% of compromised Active Directory servers were found to be operating beyond Microsoft’s mainstream support, making them more vulnerable. Sophos emphasizes the importance of proactive monitoring and regular system updates to mitigate these risks.
Winsage
December 27, 2024
The readers of The Register participated in a light-hearted competition, with the winner receiving a Windows XP Christmas sweater. Suggestions for the placement of Microsoft’s Copilot included integrating it into itself, incorporating it into Microsoft Flight Simulator 2024, replacing elected officials, and providing blunt advice in Excel. A straightforward suggestion was made to simply ask the AI what to do. ChatGPT humorously proposed unconventional ideas for Copilot's placement, such as assisting in the bathroom or helping with toasting bread. Sureo's suggestion to ask the AI was deemed the most sensible, leading to their win of the XP sweater.
Winsage
December 26, 2024
Virtualization technology allows users to create a virtualized instance of their primary operating system using tools like Disk2vhd and VirtualBox. Disk2vhd is a free utility that converts storage drives into .vhd files for Physical to Virtual migration of Windows 11. The process involves downloading Disk2vhd, running it with administrator privileges, selecting drives, and creating the .vhd file while disabling the Use vhdx and Prepare for use in virtual PC options, but enabling Use Volume Shadow Copy for external drives. To deploy a virtual machine in VirtualBox, users must ensure CPU virtualization is enabled in the BIOS, install VirtualBox, and create a new VM by specifying its name, storage folder, type as Microsoft Windows, and version as Windows 11 (64-bit). Users then allocate memory and processors, select the option to use an existing virtual hard disk, browse for the .vhd file, and finish the setup. Once the VM is deployed, it should boot into the Windows 11 environment. If it loads the recovery environment, users can follow prompts to repair the system. However, running Windows 11 in a VM may lead to performance issues unless the host system has a high-end processor and sufficient RAM and CPU cores allocated. This project allows experimentation with the daily driver without risking its integrity.
Winsage
December 26, 2024
A new attack technique exploits Windows Defender Application Control (WDAC) to disable Endpoint Detection and Response (EDR) sensors on Windows systems. Attackers with administrative privileges can create and deploy custom WDAC policies that prevent EDR sensors from loading during system boot, leaving networks vulnerable. The attack involves three phases: crafting a malicious WDAC policy, rebooting the machine to enforce the policy, and disabling the EDR upon reboot. A proof-of-concept tool called "Krueger" has been developed for this purpose. Mitigation strategies include enforcing WDAC policies via Group Policy Objects (GPOs), applying the principle of least privilege, and implementing secure administrative practices.
AppWizard
December 26, 2024
In 2013, Stuart Duncan, known as AutismFather, created Autcraft, a dedicated Minecraft server for children with autism and their families, to provide a safe and inclusive online environment. This initiative was inspired by his son's love for Minecraft and the bullying faced by many children on the autism spectrum in traditional gaming spaces. Duncan left his job as a web developer to focus on Autcraft full-time, which now serves over 17,000 players. The server includes supportive features like the "Bully Board" for sharing experiences of bullying and emphasizes community connection and mutual support.
AppWizard
December 26, 2024
The Minecraft Minepal mod introduces an AI-driven non-player character (NPC), powered by ChatGPT, that interacts with players in a lifelike manner. It supports 55 languages, is compatible with Windows, Mac, and Linux, is available for free, and supports Minecraft versions up to 1.20.4. The NPC can engage in voice chat, assist in constructing structures, accompany players, gather and craft blocks, perform tasks like cooking and repairing, and be customized in appearance and personality. Installation involves downloading the standalone Minepal application, entering the Minecraft username, specifying the host, selecting the Java version, and launching Minecraft to introduce the NPC into the game.
Winsage
December 24, 2024
This year has seen significant advancements in consumer technology, particularly in artificial intelligence, highlighted by Microsoft's Copilot+ PC initiative in collaboration with Qualcomm's Snapdragon X Elite processor, introducing fanless, battery-efficient laptops to the Windows ecosystem. AI companies like OpenAI have expanded their offerings, prompting competitors such as Google, xAI, and Facebook to enhance their products. New brands like XREAL have emerged, while established companies like ASUS have innovated with dual-screen laptops. Accessory manufacturers have also improved their products. The Windows Central Tech Awards for 2024 recognize standout devices and features across various categories, including Tech Innovator of the Year, Best Processor, Best Overall Laptop, Best Keyboard, Best Pre-Built Gaming PC, Best Mini PC, Best Gaming Laptop, Best Gaming Headset, Best Tech Accessory, Best Monitor, Best Gaming Input, Best Gaming Hardware, Best Desktop All-in-One, Best Budget Laptop, Best Business Laptop, Best Mobile App for Windows Users, Best Windows Feature, Best Mouse, and Best Windows PC App. Looking ahead to 2025, advancements in AI, robotics, cloud computing, and potential breakthroughs in 6G and quantum computing are anticipated, with Microsoft focusing on AI server technology acquisitions and developments in PC gaming handhelds and new Xbox hardware.
Winsage
December 24, 2024
Smart home technology offers convenience and control through various applications. The Home Remote app connects to smart devices for a one-time payment, but does not support brands like Ring and Nest. SmartThings, acquired by Samsung, supports over 100 brands and 1,000 devices but has limitations in accessing device details and creating new automations. Microsoft's Phone Link app allows users to mirror Android apps on a PC, requiring the phone to remain unlocked. The Google Home Web Dashboard enables monitoring of Nest camera feeds and triggering automations set on mobile devices, but does not allow direct control of devices. Amazon's Alexa app is compatible with many smart home devices and is the only voice assistant available on Windows PCs, though it is not found in the Microsoft Store. Overall, managing smart home devices from a Windows PC may lack the depth of mobile applications.
Tech Optimizer
December 24, 2024
Malicious actors are increasingly exploiting web browsers to deliver malware, often bypassing conventional antivirus defenses through sophisticated social engineering. A notable tactic involves copying harmful commands into the clipboard, allowing victims to execute them unknowingly. Recent investigations revealed a campaign using malicious advertisements and counterfeit pages that mimic reputable software brands, leading victims to a fake Cloudflare notification that prompts them to execute specific key combinations. This process triggers PowerShell code that retrieves and installs malware. The investigation began with a suspicious advertisement for a 'notepad' application, which redirected users to a Cloudflare-like page asking them to verify they are human. Instead of a standard CAPTCHA, users encountered a prompt instructing them to follow steps that would inadvertently execute a malicious command. By clicking a 'Fix It' button, the harmful command is copied to the clipboard, and users are led to paste and run it, initiating a download from a remote domain. The campaign targeted several brands, including Microsoft Teams, FileZilla, UltraViewer, CutePDF, and Advanced IP Scanner. The same domain linked to the malicious PowerShell command for Notepad++ also appeared in another campaign. Indicators of compromise include various malicious domains and URLs associated with the malware and its command and control server. Malwarebytes provides protection against these threats.
Winsage
December 23, 2024
The Print Management Console is a utility in Windows 10 that allows desktop administrators to manage printer settings and configurations. It may be missing from some Windows 10 deployments, particularly in the Home edition and in installations from Windows 10 version 2004 onwards, where it became an optional feature. To check for its presence, users can run the command PrintManagement.msc. If absent, it can be installed using PowerShell with the command Get-WindowsCapability -Name "Print.Management.Console*" -Online | Add-WindowsCapability -Online or through the Windows GUI by navigating to Settings > System > Optional Features and adding it from there. The console is particularly useful for managing multiple printers, controlling access permissions, and monitoring print jobs.