webinar Archives

Tech Optimizer

April 11, 2025

Windows Defender Antivirus Bypassed Using Direct Syscalls & XOR Encryption

A recent study has revealed a method that bypasses Microsoft’s Windows Defender antivirus by using direct system calls and XOR encryption techniques, exposing vulnerabilities in the security solution. The technique targets the user mode and kernel mode operations of Windows, allowing attackers to execute harmful code without detection. Researchers demonstrated that by directly invoking syscall instructions, they could evade security monitoring that typically occurs at the user mode level. They utilized XOR encryption to obfuscate malicious shellcodes, making them unrecognizable and undetectable by signature-based systems. Tests showed that a Meterpreter reverse shell payload, encrypted with XOR and executed via direct syscalls, successfully bypassed Windows Defender protections without leaving traces on the disk. This method has been effective since at least 2022 and continues to work against recent updates of Windows Defender. The researchers recommend that Microsoft enhance defenses with kernel-level monitoring of syscalls and advise organizations to implement additional security measures beyond Windows Defender.

Winsage

April 9, 2025

Windows Common Log File System 0-Day Vulnerability Exploited in the Wild

A critical zero-day vulnerability in the Windows Common Log File System (CLFS) driver, identified as CVE-2025-29824, is actively exploited, allowing attackers to elevate privileges to SYSTEM level and compromise system integrity. This flaw arises from a use-after-free issue within the CLFS driver, enabling local attackers to execute malicious code. Microsoft is aware of the exploitation and is working on a security update, but no immediate patch is available. The vulnerability affects multiple versions of Windows 10, including x64-based and 32-bit systems, and can lead to privilege escalation, data breaches, operational disruption, and malware deployment. Microsoft has classified this vulnerability as "Important" and urges organizations to apply patches promptly once available.

AppWizard

March 19, 2025

Exclusive Liquid Web Webinar: Learn to Resell Minecraft Servers & Claim 4 Free Months of Hosting

26% of players are willing to invest more for superior server hosting in the gaming sector. Liquid Web is hosting a free webinar on March 27th at 2 PM EST titled "How to Start Selling Minecraft Servers," aimed at helping gaming enthusiasts turn their passion into a business. The Minecraft community has over 173 million active players, with one in four willing to invest in enhanced hosting tools to improve performance. Pre-registered attendees will receive four complimentary months of bare metal hosting with an annual plan. The webinar will cover the business opportunity, market potential, technical requirements, reseller process, pricing strategies, and include a Q&A session with experts.

Winsage

February 25, 2025

TSforge – A New Tool Exploits Every Version of Windows Activation

Security researchers from MASSGRAVE have developed TSforge, a tool that exploits vulnerabilities in Microsoft’s Software Protection Platform (SPP) to activate all Windows versions from Windows 7 onward, as well as various Office suites. This marks the first successful attack on SPP’s cryptographic defenses since its introduction in Windows Vista. The exploit involves manipulating encrypted “trusted stores” used by SPP to validate software activation. Researchers reverse-engineered SPP’s private key infrastructure, using leaked Windows 8 beta builds, to forge activation data and deceive SPP into accepting permanent licenses. The process includes extracting SPP’s RSA private key, simulating ExecCodes to derive the private exponent, and decrypting the AES key that protects activation data. TSforge can inject zeroed hardware ID hashes, precomputed product key blobs, and timestamped license metadata with validity windows of over 4000 years. The tool is compatible with different Windows versions, affecting both Windows 7 and Windows 10. Microsoft has not commented on the exploit, but enterprise clients using KMS should check their activation logs for spoofed status codes. Although TSforge is not publicly available, it reveals significant vulnerabilities in SPP’s security model, which may impact enterprise licensing strategies as the end-of-life for Windows 10 approaches in 2025.

AppWizard

February 24, 2025

Android App on Google Play Targets Indian Users to Steal Login Credentials

A recently uncovered Android application, Finance Simplified (package: com.someca.count), is a malware platform disguised as a financial management tool for Indian users. It has rapidly gained downloads, increasing from 50,000 to 100,000 in one week. The app uses location-based targeting to present unauthorized loan applications and redirects users to external websites that bypass Google Play’s security. It requests extensive permissions, including access to location data, contacts, call logs, SMS messages, clipboard content, and external storage, and stealthily collects sensitive information like passwords and credit card numbers, which are sent to a command-and-control server on Amazon EC2. The app employs tactics such as dynamic WebView manipulation to present fake loan applications, persistent data harvesting, and blackmail through altered user photos. Finance Simplified is part of a network of fraudulent apps that falsely claim registration with Indian financial regulators and have been removed from the Play Store for fraudulent activities. Users are advised to scrutinize app permissions and avoid downloading unverified applications.

AppWizard

February 24, 2025

Android App on Google Play Attacking Indian Users To Steal Login Credentials

A sophisticated Android malware campaign named "SpyLend" has infiltrated the Google Play Store, posing as a financial utility app called "Finance Simplified" (package: com.someca.count), targeting Indian users. Launched in February 2025, it has over 100,000 downloads. The app initially appears as a finance calculator but changes its interface based on user geolocation. For Indian users, it loads content from adv[.]rp5[.]org, redirecting them to unauthorized loan applications and external servers to download malicious APKs. SpyLend requests invasive permissions under the guise of identity verification, leading to harassment and blackmail of users. It exploits Android’s WebView API and a custom command-and-control (C2) server to retrieve loan application listings and exfiltrate device metadata. The malware captures clipboard data every three seconds, allowing it to steal sensitive information such as passwords and credit card details. The C2 infrastructure, located at 16[.]163[.]9[.]142, collects stolen SMS messages, call logs, and app lists, with evidence suggesting involvement of Chinese threat actors. Despite Google Play Protect, SpyLend can evade detection through real-time payload updates. Users are advised to review app permissions and avoid third-party APKs, while enterprises are encouraged to implement endpoint detection tools and blacklist certain indicators of compromise.

Tech Optimizer

February 14, 2025

PostgreSQL Terminal Tool Injection Vulnerability Allows Remote Code Execution

Researchers have identified a SQL injection vulnerability, CVE-2025-1094, in PostgreSQL's interactive terminal tool, psql. This vulnerability is linked to another vulnerability, CVE-2024-12356, related to remote code execution in BeyondTrust's products. CVE-2025-1094 arises from a flawed assumption about the security of escaped untrusted input and allows attackers to inject malicious SQL statements due to the processing of invalid UTF-8 characters. It has a CVSS 3.1 base score of 8.1, indicating high severity, and can lead to arbitrary code execution through psql's meta-command functionality. The vulnerability affects all supported PostgreSQL versions prior to 17.3, 16.7, 15.11, 14.16, and 13.19. Users are advised to upgrade to these patched versions to mitigate risks. A Metasploit module targeting this vulnerability has been developed, emphasizing the urgency for organizations to implement patches.

Tech Optimizer

February 3, 2025

Threat Actors Selling Nunu Stealer On Hacker Forums

The integration of security practices into Continuous Integration and Continuous Deployment (CI/CD) workflows is essential for enhancing security and efficiency in the development lifecycle. A free webinar will feature Phani Deepak Akella and Karthik Krishnamoorthy discussing best practices for embedding application security within CI/CD processes, utilizing tools like Jenkins and Jira. Key points include automating security scans in the CI/CD pipeline, gaining real-time insights into vulnerabilities, prioritizing fixes in Jira, and reducing risks and costs by addressing vulnerabilities before production. The session targets professionals interested in improving their DevSecOps knowledge and security measures.

Winsage

December 11, 2024

Windows 10 support is ending. Why should you upgrade to Windows 11 now?

Date of the online workshop: December 20, 2024 Time: 3:00 PM - 4:00 PM Format: Online Webinar Key topics covered in the webinar: - Assessing technical devices for Windows 11 Pro deployment - Increasing competitive edge with performance and AI-enhanced features in Windows 11 Pro - Simplifying deployment for a smooth transition to Windows 11 Pro Reported benefits of Windows 11 Pro: - 58% drop in security incidents with new devices - 42% faster completion of demanding workloads on average - 62% drop in security incidents due to hardware-backed protection - 25% faster deployment of modern Windows 11 Pro PCs - All-day battery life and accelerated performance options available Speaker: Rajesh Sharma, Commercial Master Trainer at Microsoft Quote from Yusuf Mehdi, Executive Vice President, Consumer, CMO, Microsoft: “With the Windows 10 End of Support moment, now is the time to move to Windows 11 with confidence.” Testimonial from Thomas Kaiser, Technical Lead, IT at Klöckner Pentaplast: Migration to Windows 11 has significantly reduced the time required for PC upgrades.