templates

Winsage
June 25, 2026
Component Object Model (COM) is a technology in Windows that enables object activation, inter-process communication, and automation across different programming languages. Malware exploits COM interfaces for activities such as lateral movement, execution, downloading, exfiltration, persistence, evasion, system discovery, and automation of Windows and Office functionalities. Reverse engineering COM-heavy binaries involves navigating GUIDs and indirect vtable calls to understand malware mechanics. Research at the AVAR 2025 conference and CARO 2026 workshop discusses methodologies for analyzing COM binaries and case studies of malware families that utilize COM. COM is an application binary interface (ABI) model that allows software components to be reused and enables interaction between different programming languages through interfaces defined at the binary level. Distributed COM (DCOM) allows clients to activate COM objects on remote systems. COM classes are identified by unique class identifiers (CLSIDs), and interfaces by interface identifiers (IIDs). The Windows registry stores COM registration data, with classes and interfaces located under specific keys. Malware often acts as a COM client, utilizing the COM runtime to instantiate classes and request interfaces. ProgIDs provide human-readable registry entries for COM classes. The CoCreateInstance function helps create class objects by resolving CLSID registrations. All COM interfaces derive from IUnknown, which manages object lifetimes and interface querying. COM has its own security model, and identifying classes and interfaces used by malware is crucial for threat researchers. Tools like ComView and OleView.NET assist in inspecting COM registrations. The analysis workflow includes identifying activation API calls, extracting CLSID and IID values, consulting registry definitions, and mapping vtable calls. 
Qakbot, a banking trojan, exemplifies the use of COM in malware, with its architecture enabling malicious activities like credential theft. Dynamic analysis tools can log COM-related calls in real-time to trace execution flow. Notable malware families that utilize COM include Gh0stRAT, which uses Task Scheduler COM interfaces, and the Attor platform, which employs BITS for file transfers. WarmCookie demonstrates the use of COM for persistence through Task Scheduler. Understanding COM's role in malware is essential for cybersecurity professionals.
AppWizard
June 24, 2026
The author explored various personal knowledge management (PKM) tools on Android and initially avoided Obsidian due to dissatisfaction with its earlier mobile app versions, which felt cramped and outdated. However, after revisiting the redesigned Obsidian app, they appreciated its modern user interface and improved usability. Obsidian's use of plain Markdown files allows for better file management and future-proofing of notes. The app supports both quick capture of ideas and deeper exploration through linking notes and creating a cohesive knowledge base. Features like Quick Note, Daily Note widget, and Graph View enhance its functionality. Data syncing requires some setup, with options for Obsidian Sync or third-party solutions. Ultimately, Obsidian stands out as a customizable and long-lasting PKM tool for the author’s workflow.
AppWizard
June 22, 2026
Google Photos is set to introduce a new feature called Moods in version 7.81 of the app, which utilizes artificial intelligence for photo editing. Moods offers eight distinct templates: Airy Minimalist, Crisp 35mm, 2000’s Cinema, Rich Textures, Pink Digicam, Retro Contrast, Night Lights, and 2000’s Night, each designed to evoke specific visual styles. The feature aims to provide a more personalized editing experience by analyzing images individually rather than applying uniform filters. Although Moods is not yet operational, it represents a shift towards a more AI-driven editing experience in Google Photos. An APK teardown indicates potential features, but there is no guarantee they will be publicly released.
Winsage
June 22, 2026
Microsoft has recommenced the automatic installation of the Microsoft 365 Copilot application on eligible commercial Windows devices as of June 2026. The rollout targets devices running Windows 10 (22H2 or later) and Windows 11 with existing Microsoft 365 desktop applications, focusing initially on tenants with Copilot add-on licenses, expected to conclude by late July 2026. Enterprise administrators can manage this installation through a policy titled 'Disable Microsoft 365 Copilot auto-install,' introduced in May 2026. Users can manually uninstall the app, which will not be reinstalled for 90 days if removed. The rollout will not affect the European Economic Area due to exemptions under the Digital Markets Act. This resumption follows a previous halt in March 2026 due to a configuration error and backlash from users regarding the original rollout plan set for October 2025.
AppWizard
June 15, 2026
Google has filed a lawsuit against the alleged China-based "Outsider Enterprise" network for using Gemini AI to conduct extensive phishing scams. The company is working with the FBI and major telecommunications carriers, including AT&T, T-Mobile, and Verizon, to intercept scam messages. Investigators have linked the operation to over 9,000 counterfeit websites and more than one million malicious URLs, primarily targeting Android users. The "Outsider" phishing platform offered over 290 website templates for mimicking banks and other entities, utilizing AI-generated code. Google is also supporting seven bipartisan bills aimed at combating AI-driven fraud and has implemented AI-driven defenses that block over 10 billion malicious messages each month.
Winsage
June 11, 2026
In the June 2026 Security Update for Windows 11 and Windows 10, Microsoft implemented a change that prevents custom folder icons and localized folder names from appearing if derived from an untrusted "desktop.ini" file. Users may initially perceive this as a bug, as folders may revert to default settings without user intervention. To maintain customizations, organizations should add trusted sources to the "Trusted Sites" list via Control Panel. Businesses can enable the "Allow the use of remote paths in file shortcut icons" policy through the Group Policy Editor, although this may reduce security. Users can also remove the Mark-of-the-Web tag from trusted "desktop.ini" files using PowerShell commands. This update reflects a broader trend of prioritizing security over customization in the operating system.
Winsage
June 10, 2026
Microsoft has released Windows 11 Experimental build 26300.8553, which includes customizable Start menus, enhanced search functionalities, and a refined Taskbar. A significant upgrade is the rebranding of the Modern Print Platform to Windows Ready Print, aimed at modernizing and securing the printing process. Microsoft is phasing out support for third-party printer drivers via Windows Update, transitioning to the Internet Printing Protocol (IPP) and the native Windows IPP printer driver. Starting July 2026, new printer installations on eligible devices will default to Windows Ready Print, though users can choose between Windows Ready Print and the traditional OEM process. This setting can be adjusted through the printer preferences in Settings and modified via Group Policy. Users can also enable Windows protected print mode to default to Windows Ready Print.
Winsage
June 10, 2026
Microsoft has released the Windows 10 KB5094127 extended security update, which addresses vulnerabilities identified during the June 2026 Patch Tuesday and enhances monitoring of updated Secure Boot certificates. Users on Windows 10 Enterprise LTSC or enrolled in the ESU program can install it via the Windows Update settings. The update upgrades Windows 10 to build 19045.7417 and Windows 10 Enterprise LTSC 2021 to build 19044.7417. It focuses on security enhancements and bug fixes, resolving a total of 200 vulnerabilities, including three zero-day flaws. Key features include improved File Explorer search functionality for Chinese text and UTF-8 encoded files, dynamic status reporting for Secure Boot states, a new policy setting to limit Secure Boot service data sent to Microsoft, and enhanced targeting data for automatic receipt of new Secure Boot certificates. A known issue may cause BitLocker recovery notifications on certain systems, particularly those with specific BitLocker Group Policy settings. Microsoft recommends removing the Group Policy setting and suspending/resuming BitLocker as a temporary fix.