Links
Microsoft released the Windows App Development CLI (winapp) in public preview. This command-line tool streamlines Windows app development by automating environment setup, package identity creation, and MSIX packaging, making it easier for developers using various frameworks.
A recent security update from Microsoft has disrupted Message Queuing (MSMQ) on older Windows systems, causing queue failures and misleading error messages. The issue stems from changed folder permissions that restrict write access, primarily affecting enterprise environments using Windows 10 and certain Windows Server versions.
Microsoft is overhauling the Windows 11 context menu with a new Split Context Menu. This update will organize options into relevant sections based on file types and introduce a modern semi-transparent design. While the feature isn't available yet, it aims to reduce menu length and improve usability.
The article argues that Linux has become a viable alternative to Windows for desktop users, especially gamers. It highlights the author's positive experiences with a specific Linux distribution called Bazzite, emphasizing ease of use and greater control over the operating system. The author encourages readers to try Linux in 2026, suggesting it offers a more personalized computing experience.
This article discusses how threat actors can exploit the Bind Link API in Windows 11 to redirect EDR folders to locations under their control, allowing them to tamper with EDR operations. It details a proof of concept tool called EDR-Redir that demonstrates this technique and highlights detection strategies for security teams.
Microsoft is disabling the NT LAN Manager (NTLM) protocol by default in Windows 11 and Windows Server to enhance security. Despite its long history, NTLM is outdated and vulnerable to attacks, prompting the shift towards more secure protocols like Kerberos. Many organizations still use NTLM, but the risks now outweigh the benefits.
This article details how to use PhantomFS, a ProjFS provider that serves files based on the accessing process. It encrypts payloads using AES-256-CBC and only decrypts them for allowed processes, effectively hiding the content from unauthorized access and analysis. The setup requires Windows SDK and admin privileges for ProjFS activation.
AppControl Manager is a tool for managing App Control and Code Integrity on Windows devices. It provides a user-friendly interface and operates securely without third-party dependencies. The application supports various Windows versions and focuses on maintaining a strong security posture.
This article explains the Projected File System (ProjFS) in Windows, which allows virtual files to be projected from a backing datastore. It covers the system's architecture, how it operates, and its potential use cases for offensive and defensive applications.
Valkyrie Stealer is a sophisticated malware that targets Windows systems to harvest sensitive information, including credentials and browser data. It employs advanced evasion techniques to avoid detection in virtualized environments and features a modular architecture for flexible data theft. The developer, known as Lawxsz, actively promotes the malware through various online platforms.
This article introduces Swarmer, a tool designed for stealthy modification of the Windows Registry without triggering endpoint detection systems. It leverages legacy Windows features, specifically mandatory user profiles and the Offline Registry API, to achieve persistence without typical detection methods. The authors share insights from its operational use in engagements over the past year.
SolyxImmortal is a Python-based malware designed to steal sensitive information from Windows users. It collects credentials, documents, and keystrokes while maintaining a low profile by using Discord webhooks for data exfiltration. The malware ensures persistence on infected systems without requiring administrative privileges.
SILPH is an open-source tool designed for red team operations, allowing users to dump LSA secrets, SAM hashes, and DCC2 credentials entirely in memory without writing to disk. It integrates with the Orsted C2 framework and runs directly on Windows, avoiding common detection methods. The tool uses advanced Windows APIs to access sensitive data while maintaining stealth.
This article outlines how to use Windows Autopatch for managing updates on Windows devices via Microsoft Intune or Microsoft Graph. It covers prerequisites, patch compliance goals, content control options, and reporting features to monitor update statuses.
NEBULA is a PowerShell tool designed for testing Windows execution and persistence methods, including LOLBAS techniques. It provides a menu-driven interface for security researchers and teams to execute tests and log results. Example payloads sourced from Atomic Red Team are included for safe experimentation.
This article explains a technique for establishing registry persistence using an NTUSER.MAN file, which allows for registry writes without triggering typical monitoring callbacks. By placing a crafted NTUSER.MAN in a user's profile directory, attackers can load persistence keys directly into HKCU during logon, avoiding detection by conventional EDR solutions.
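Both Swarmer (above) and the NTUSER.MAN technique described here rely on the same blind spot: the keys arrive in HKCU when the profile hive is loaded at logon, not through registry writes an EDR's callbacks would see. A cheap hunt for it is to sweep profile directories for NTUSER.MAN files and pull the hive's own header for context, since NTUSER.MAN is an ordinary "regf" hive whose base block carries sequence numbers, a last-written FILETIME, the path embedded at creation, and an XOR checksum. The following is an added example, not code from either article; the profile layout it scans (`C:\Users\<name>\NTUSER.MAN`) and the sample hive it builds are assumptions, and the checksum and layout follow the documented regf base-block format.

```python
"""Sweep profile directories for NTUSER.MAN and summarise each hive's regf header (added example)."""
import os
import struct
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

REGF_MAGIC = b"regf"


def filetime_to_datetime(ft: int) -> datetime:
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=ft // 10)


@dataclass
class HiveHeader:
    primary_seq: int
    secondary_seq: int
    last_written: datetime
    major: int
    minor: int
    embedded_name: str      # hive path recorded at creation, last 32 UTF-16 chars
    checksum_ok: bool

    @property
    def dirty(self) -> bool:
        # mismatched sequence numbers mean the hive was not cleanly flushed
        return self.primary_seq != self.secondary_seq


def regf_checksum(base_block: bytes) -> int:
    """XOR of the 127 dwords before the checksum field at offset 508, with the
    documented adjustments for the two reserved results."""
    x = 0
    for (dword,) in struct.iter_unpack("<I", base_block[:508]):
        x ^= dword
    if x == 0xFFFFFFFF:
        return 0xFFFFFFFE
    return 1 if x == 0 else x


def parse_regf_header(buf: bytes) -> HiveHeader:
    if len(buf) < 512 or buf[:4] != REGF_MAGIC:
        raise ValueError("not a registry hive (missing 'regf' signature)")
    pri, sec, ft, major, minor = struct.unpack_from("<IIQII", buf, 4)
    name = buf[48:112].decode("utf-16-le", errors="replace").split("\x00", 1)[0]
    stored = struct.unpack_from("<I", buf, 508)[0]
    return HiveHeader(pri, sec, filetime_to_datetime(ft), major, minor, name,
                      stored == regf_checksum(buf))


def find_mandatory_profiles(users_root: str) -> list[tuple[str, HiveHeader]]:
    """Return (profile name, header) for every profile directory holding an NTUSER.MAN.
    Every hit deserves triage: mandatory profiles are legitimate but rare, and a
    crafted one is exactly what the technique above drops."""
    hits = []
    for entry in os.scandir(users_root):
        if not entry.is_dir():
            continue
        for fname in os.listdir(entry.path):
            if fname.lower() == "ntuser.man":          # Windows paths are case-insensitive
                with open(os.path.join(entry.path, fname), "rb") as f:
                    hits.append((entry.name, parse_regf_header(f.read(4096))))
    return hits


def build_sample_hive(name: str, pri: int, sec: int, ft: int) -> bytes:
    """Constructed minimal hive: a valid base block plus one empty hbin (assumption, for the demo)."""
    blk = bytearray(4096)
    blk[:4] = REGF_MAGIC
    # seq1, seq2, timestamp, major 1, minor 5, type 0 (primary), format 1, root cell, bins size, cluster
    struct.pack_into("<IIQIIIIIII", blk, 4, pri, sec, ft, 1, 5, 0, 1, 0x20, 0x1000, 1)
    enc = name.encode("utf-16-le")[:64]
    blk[48:48 + len(enc)] = enc
    struct.pack_into("<I", blk, 508, regf_checksum(bytes(blk)))
    return bytes(blk) + b"hbin" + struct.pack("<II", 0, 0x1000) + b"\x00" * (0x1000 - 12)


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "alice"))
        os.makedirs(os.path.join(root, "bob"))
        with open(os.path.join(root, "alice", "NTUSER.MAN"), "wb") as f:
            f.write(build_sample_hive(r"\??\C:\Users\alice\ntuser.dat", 7, 7, 133801632000000000))
        for profile, hdr in find_mandatory_profiles(root):
            print(profile, hdr.embedded_name, hdr.last_written.isoformat(),
                  "dirty" if hdr.dirty else "clean", "checksum ok" if hdr.checksum_ok else "CHECKSUM BAD")
```

The header fields are context, not a verdict: the embedded name shows what path the hive was created under, the timestamp when it was last written, and a failed checksum or mismatched sequence numbers point at a hand-built or damaged file. Pair the sweep with the profile type recorded for the account (a genuinely mandatory profile is an administrative decision someone can vouch for) before treating a hit as persistence.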
Researchers have uncovered a new Windows malware campaign using Pulsar RAT and Stealerv37. This malware can steal passwords, crypto, and gaming accounts while allowing hackers to interact with victims through a live chat window. It evades detection by running entirely in memory and hijacking trusted system tools.
SAMDump extracts Windows SAM and SYSTEM files using Volume Shadow Copy Service without leaving traces on the target filesystem. It supports local saving and remote transfer, with options for XOR encoding to help avoid detection. The tool is implemented in multiple programming languages and requires elevated privileges to operate.
NoMoreStealer is a kernel-mode minifilter driver for Windows that monitors file system access to prevent untrusted processes from reaching protected paths. It uses allowlists for process trust and communicates with a Wails frontend for real-time notifications. The project is a demo with several limitations and should be used for educational purposes only.
The author recounts their transition from Windows to Linux after years of frustration with Microsoft's updates and bugs. They detail the challenges faced during the switch and highlight how Linux has ultimately improved their workflow, especially in software development and music production.
Microsoft addressed a problem where third-party security software falsely flagged WinSqlite3.dll, a core Windows component, as vulnerable. The company updated the DLL in January 2026, encouraging users to install the latest updates for their devices. This issue affected both Windows 10 and 11, as well as Windows Server versions 2012 to 2025.
Microsoft issued out-of-band updates to fix two critical issues affecting Windows 10, Windows 11, and Windows Server. One problem disrupts remote desktop access to Microsoft 365 Cloud PC sessions, while the other prevents some Windows 11 devices with Secure Launch from shutting down or hibernating.
This tool manages Sysmon configurations for Windows endpoints, supporting both agentless and agent-based deployments. It offers a web interface for real-time updates, event log querying, and noise analysis to optimize logging configurations.
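Noise analysis of the kind the tool performs boils down to counting which images dominate a given Sysmon event type and turning the worst offenders into candidate exclusions. The following is an added example, not the tool's code: it parses Sysmon-shaped event XML (the sample records are constructed inline, not a real export), ranks images by share of a chosen event ID, and renders the result as a Sysmon `RuleGroup` with `onmatch="exclude"`. The share threshold and the event-id-to-rule-name table are assumptions for the demo.

```python
"""Sysmon noise analysis over exported event XML (added example, not the tool's code)."""
import xml.etree.ElementTree as ET
from collections import Counter
from xml.sax.saxutils import escape

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
# Sysmon event id -> configuration rule element (subset, assumed sufficient for the demo)
RULE_NAME = {1: "ProcessCreate", 3: "NetworkConnect", 7: "ImageLoad", 10: "ProcessAccess", 11: "FileCreate"}


def make_event(event_id: int, **data: str) -> str:
    """Build a Sysmon-shaped event record. Constructed sample data, not a real log export."""
    fields = "".join(f'<Data Name="{k}">{escape(v)}</Data>' for k, v in data.items())
    return (f'<Event xmlns="{NS["e"]}"><System><Provider Name="Microsoft-Windows-Sysmon"/>'
            f'<EventID>{event_id}</EventID></System><EventData>{fields}</EventData></Event>')


def parse_sysmon_event(xml_text: str) -> tuple[int, dict[str, str]]:
    """Return (event id, {Data Name: value}) for one event record."""
    root = ET.fromstring(xml_text)
    event_id = int(root.findtext("e:System/e:EventID", namespaces=NS))
    data = {d.get("Name"): (d.text or "") for d in root.findall("e:EventData/e:Data", NS)}
    return event_id, data


def noisy_images(events: list[tuple[int, dict[str, str]]], event_id: int,
                 min_share: float) -> list[tuple[str, int]]:
    """Images responsible for at least min_share of all events of the given id, busiest first."""
    counts = Counter(d["Image"] for eid, d in events if eid == event_id and "Image" in d)
    total = sum(counts.values())
    return [(img, n) for img, n in counts.most_common() if total and n / total >= min_share]


def exclusion_rule_group(event_id: int, images: list[str]) -> str:
    """Render candidate exclusions as a Sysmon RuleGroup for review before deployment."""
    rule = RULE_NAME[event_id]
    lines = [f'<RuleGroup name="noise-{rule}" groupRelation="or">', f'  <{rule} onmatch="exclude">']
    lines += [f'    <Image condition="is">{escape(img)}</Image>' for img in images]
    lines += [f'  </{rule}>', "</RuleGroup>"]
    return "\n".join(lines)


# Constructed sample: 10 process-create events and one network-connect event.
SAMPLE_EVENTS = (
    [make_event(1, Image=r"C:\Windows\System32\svchost.exe",
                ParentImage=r"C:\Windows\System32\services.exe")] * 6
    + [make_event(1, Image=r"C:\Windows\System32\conhost.exe",
                  ParentImage=r"C:\Windows\System32\cmd.exe")] * 2
    + [make_event(1, Image=r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                  ParentImage=r"C:\Windows\explorer.exe")]
    + [make_event(1, Image=r"C:\Windows\System32\cmd.exe", ParentImage=r"C:\Windows\explorer.exe")]
    + [make_event(3, Image=r"C:\Windows\System32\svchost.exe", DestinationIp="10.0.0.5")]
)

if __name__ == "__main__":
    parsed = [parse_sysmon_event(x) for x in SAMPLE_EVENTS]
    candidates = noisy_images(parsed, 1, 0.30)
    for img, n in candidates:
        print(f"{n:4d}  {img}")
    print(exclusion_rule_group(1, [img for img, _ in candidates]))
```

Treat the generated group as a proposal, not a config change. Excluding an image wholesale removes it from every detection built on that event type, so a busy but security-relevant binary (PowerShell, cmd, the scripting hosts) should be narrowed with an additional condition such as `ParentImage` or `CommandLine` rather than dropped, and every exclusion should be checked against the detection rules it would silence.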
Microsoft will integrate Sysmon into Windows 11 and Windows Server 2025 next year, eliminating the need for standalone installations. This built-in functionality will allow users to monitor and log various system events, making management easier in large IT environments.
This article discusses a C# library called ThirdEye that captures screenshots, including hidden windows, while using undocumented Windows functions. It includes installation instructions and code snippets for various capture options, including saving to files and memory.
Motionik is a tool for creating screen recordings, ideal for product demos and tutorials. It combines recording, auto-zoom, and editing features, allowing users to produce polished videos quickly without juggling multiple apps. The software supports both Mac and Windows users.
Microsoft is testing a policy that lets IT admins uninstall the Copilot app on managed devices running Windows 11 Insider Preview. This applies to devices where Copilot was not user-installed and hasn't been used in the last 28 days. Admins can enable this through the Group Policy editor.
The article discusses potential shifts in Windows market share, highlighting Microsoft's waning appeal to consumers. Key factors include a lack of innovation, a new affordable MacBook from Apple, and the rise of Linux gaming options that could attract PC gamers away from Windows.
Win11Debloat is a PowerShell script designed to simplify the process of removing unwanted pre-installed apps and modifying various Windows settings. It offers options for both casual users and system administrators to customize their Windows experience easily. The script allows for quick changes while ensuring that most modifications can be reverted later.
Microsoft is investigating a bug causing the Windows 10 KB5068781 extended security update to fail with error 0x800f0922 on corporate devices. The issue affects devices activated through the Microsoft 365 Admin Center, and no fix or workaround is currently available.
Docker Model Runner now supports vLLM on Docker Desktop for Windows, allowing developers to run AI models with high-throughput inference using NVIDIA GPUs. This update simplifies the process of running generative AI models on Windows, which previously was limited to Linux environments.
Microsoft is rolling out smartphone-like app permission prompts in Windows 11, allowing users to control access to sensitive resources like files and cameras. This change aims to enhance user consent and privacy, addressing issues with apps overriding settings or installing unwanted software. The updates are part of the Secure Future Initiative following a recent security breach.
Microsoft’s November 2025 Patch Tuesday updates resolved 63 vulnerabilities, including an actively exploited zero-day in the Windows kernel. The updates also addressed an Office vulnerability allowing unauthorized code execution. This month saw a significant decrease in reported flaws compared to October.
DbgNexum demonstrates a method for injecting shellcode into a target process via the Windows Debugging API and shared memory, rather than writing the payload into the target's address space directly. It manipulates the target's execution context to load and run the payload. The example uses XORed msfvenom shellcode to spawn "calc.exe".
Named Pipes are widely used for interprocess communication on Windows, and the tool described allows security researchers and pentesters to assess applications utilizing them. It operates by creating a pipe client/server proxy with a WebSocket bridge, enabling the interception of named pipe communication, primarily for security testing purposes. The tool requires Windows and Python for setup and can be integrated with HTTP proxies like Burp.
Exploring remote EDR capabilities without traditional agents, the author demonstrates how to utilize Performance Logs and Alerts APIs for stealthy monitoring of security events on target systems. This method allows both offensive and defensive teams to enhance their visibility while avoiding the complexities of agent deployment.
The article discusses the development of a parser for Windows EVTX (Event Log) files using the Zig programming language, highlighting the efficiency and performance advantages of Zig over other languages. It details the design choices made and the implementation process, providing insights into parsing event logs effectively.
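Whatever the implementation language, an EVTX parser has to handle the same container before it can touch a single event: a 4 KiB file header, 64 KiB chunks with their own headers and string/template tables, and size-framed records whose payload is BinXML. The following is an added example in Python, not the Zig parser the article describes: it parses that container, verifies the CRC32 checksums that cover the file header, each chunk header and each chunk's record area, and returns record ids and timestamps. BinXML decoding is out of scope, so the record payloads are returned raw, and the sample file is constructed inline with placeholder payload bytes (an assumption; they are not real BinXML).

```python
"""Minimal EVTX container parser with checksum verification (added example, not the article's code)."""
import struct
import zlib
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

FILE_MAGIC = b"ElfFile\x00"
CHUNK_MAGIC = b"ElfChnk\x00"
RECORD_MAGIC = b"\x2a\x2a\x00\x00"
CHUNK_SIZE = 0x10000           # every chunk is 64 KiB
FILE_HEADER_BLOCK = 4096       # header block size recorded at file offset 40


@dataclass
class EvtxRecord:
    record_id: int
    written: datetime
    binxml: bytes              # raw BinXML payload, left undecoded here


def filetime_to_datetime(ft: int) -> datetime:
    """FILETIME is 100 ns ticks since 1601-01-01 UTC."""
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=ft // 10)


def _crc(data: bytes) -> int:
    return zlib.crc32(data) & 0xFFFFFFFF


def parse_chunk(chunk: bytes) -> list[EvtxRecord]:
    if chunk[:8] != CHUNK_MAGIC:
        raise ValueError("bad chunk signature")
    (_first_num, _last_num, first_id, last_id, _hdr_size,
     _last_rec_off, free_off, records_crc) = struct.unpack_from("<QQQQIIII", chunk, 8)
    header_crc = struct.unpack_from("<I", chunk, 124)[0]
    # header CRC covers bytes 0..120 plus the string/template offset tables at 128..512
    if _crc(chunk[:120] + chunk[128:512]) != header_crc:
        raise ValueError("chunk header CRC mismatch")
    if _crc(chunk[512:free_off]) != records_crc:
        raise ValueError("chunk records CRC mismatch (truncated or tampered chunk)")
    records, pos = [], 512
    while pos < free_off:
        if chunk[pos:pos + 4] != RECORD_MAGIC:
            raise ValueError(f"bad record signature at chunk offset {pos}")
        size, rec_id, ft = struct.unpack_from("<IQQ", chunk, pos + 4)
        if struct.unpack_from("<I", chunk, pos + size - 4)[0] != size:
            raise ValueError("record size trailer mismatch")
        if not first_id <= rec_id <= last_id:
            raise ValueError("record id outside the chunk's declared range")
        records.append(EvtxRecord(rec_id, filetime_to_datetime(ft), bytes(chunk[pos + 24:pos + size - 4])))
        pos += size
    return records


def parse_evtx(buf: bytes) -> list[EvtxRecord]:
    if buf[:8] != FILE_MAGIC:
        raise ValueError("not an EVTX file")
    (_first_chunk, _last_chunk, _next_id, _hdr_size, _minor, _major,
     block_size, num_chunks) = struct.unpack_from("<QQQIHHHH", buf, 8)
    _flags, file_crc = struct.unpack_from("<II", buf, 120)
    if _crc(buf[:120]) != file_crc:
        raise ValueError("file header CRC mismatch")
    records = []
    for i in range(num_chunks):
        start = block_size + i * CHUNK_SIZE
        records.extend(parse_chunk(buf[start:start + CHUNK_SIZE]))
    return records


def is_intact(buf: bytes) -> bool:
    """True when every checksum and framing check passes."""
    try:
        parse_evtx(buf)
        return True
    except ValueError:
        return False


def _build_record(rec_id: int, ft: int, binxml: bytes) -> bytes:
    size = 24 + len(binxml) + 4
    return RECORD_MAGIC + struct.pack("<IQQ", size, rec_id, ft) + binxml + struct.pack("<I", size)


def _build_chunk(recs: list[tuple[int, int, bytes]]) -> bytes:
    blobs = [_build_record(*r) for r in recs]
    data = b"".join(blobs)
    free_off = 512 + len(data)
    head = CHUNK_MAGIC + struct.pack("<QQQQIIII", 1, len(recs), recs[0][0], recs[-1][0], 128,
                                     free_off - len(blobs[-1]), free_off, _crc(data)) + b"\x00" * 64
    tables = b"\x00" * 384      # empty common-string and template tables
    chunk = head + struct.pack("<II", 0, _crc(head + tables)) + tables + data
    return chunk + b"\x00" * (CHUNK_SIZE - len(chunk))


def build_sample_evtx() -> bytes:
    """Constructed one-chunk file; payloads are placeholder bytes, not real BinXML."""
    ft = 133801632000000000    # 2025-01-01T00:00:00Z
    chunk = _build_chunk([(101, ft, b"\x0f\x01\x01\x00" + b"A" * 20),
                          (102, ft + 10_000_000, b"\x0f\x01\x01\x00" + b"B" * 32)])
    head = FILE_MAGIC + struct.pack("<QQQIHHHH", 0, 0, 103, 128, 1, 3, FILE_HEADER_BLOCK, 1) + b"\x00" * 76
    head += struct.pack("<II", 0, _crc(head))
    return head + b"\x00" * (FILE_HEADER_BLOCK - 128) + chunk


if __name__ == "__main__":
    for rec in parse_evtx(build_sample_evtx()):
        print(rec.record_id, rec.written.isoformat(), len(rec.binxml), "payload bytes")
```

The checksum checks are the part worth keeping even in a fast parser: a log carved from disk or copied from a live system is often truncated mid-chunk, and a chunk that fails its records CRC should be reported as damaged rather than silently dropped, since a gap in record ids is itself evidence during an investigation.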
Microsoft is testing its AI-powered Windows Recall feature, which allows users to take snapshots of their active windows for easier searching of content, with a rollout to Windows 11 Insiders. Concerns over privacy led to enhancements including opt-in functionality and security measures like Windows Hello authentication. The feature is designed to help users manage snapshots while ensuring sensitive information is filtered out.
TrollRPC is a library designed to blind RPC calls based on UUID and OPNUM, primarily for bypassing security mechanisms like AMSI by modifying specific RPC calls. Recent updates include methods to block file access by antivirus software and specific instructions for Windows 10 and Windows 11 users. The tool is intended for educational purposes, emphasizing the need for creativity in bypassing security features.
Microsoft has introduced new AI agents for Windows Copilot+ PCs that allow users to modify their device settings using natural language commands, automating the process with user permission. These features, aimed at simplifying user interactions with Windows, will initially roll out to English-speaking Windows Insiders on Snapdragon devices before expanding to other hardware. Additional updates include enhancements to Windows search, image editing tools in Photos and Paint, and new functions in Notepad.
Microsoft has acknowledged a bug that causes a false alarm in the Windows Event Viewer after installing recent updates, specifically displaying an error related to the CertificateServicesClient. Users are advised to ignore the error message, which pertains to a component still under development, and Microsoft is working on a resolution. The issue affects Windows 11 24H2 and logs errors upon device restarts without impacting overall system processes.
Two new zero-day vulnerabilities in Windows have been discovered and are currently being exploited by cybercriminals. The flaws could allow attackers to execute arbitrary code and gain elevated privileges on affected systems, prompting urgent calls for users to update their software and security measures.
Microsoft's August 2025 Patch Tuesday addressed 107 vulnerabilities, including a publicly disclosed zero-day in Windows Kerberos that could allow escalation to domain administrator privileges. The update also fixed thirteen critical vulnerabilities, predominantly related to remote code execution and information disclosure, highlighting ongoing security challenges for Windows users.
Windows 7 experienced slower logon times for a period when users had a solid color background: the logon sequence waited for a wallpaper-loaded notification that a solid color background never sends, and proceeded only once that wait timed out. The article humorously likens the situation to "waiting for Godot" and briefly highlights the quirks of the operating system's behavior during that time.
Google has launched an experimental app for Windows that allows users to search for information quickly without disrupting their workflow. By pressing Alt + Space, users can access files, apps, and web searches, and utilize Google Lens for enhanced capabilities like image translation and AI-powered responses.
Microsoft has identified a new malware, Lumma, which has been found on approximately 394,000 Windows PCs. The Lumma password stealer is designed to capture sensitive login information, raising significant security concerns for users. Microsoft is urging users to take precautions to protect their devices from this threat.
The blog discusses PatchGuard, or Kernel Patch Protection (KPP), a critical security feature in Windows that protects the kernel from unauthorized modifications. It explains how PatchGuard operates asynchronously to monitor key kernel structures, triggers a blue screen of death (BSOD) upon detecting tampering, and delves into its initialization process and the challenges of reverse engineering it. Additionally, the article hints at potential bypasses for this security mechanism.
Hells Hollow introduces a novel SSDT hooking technique that leverages Alt Syscalls to get around Microsoft's PatchGuard protections on Windows 11. The method lets a rootkit intercept and manipulate system calls by modifying the KTRAP_FRAME, enabling a range of malicious activities while highlighting weaknesses in the Windows kernel. The article also discusses the technique's limitations, including how it fares against Hyper-V-based protections such as HVCI.
Microsoft has resolved a bug affecting the 'Print to PDF' feature on Windows 11 24H2 systems, which surfaced after the April 2025 preview update. The fix is included in the KB5060829 cumulative update, and users can also manually enable the feature if they wish to avoid installing the June optional update. Additionally, previous printing issues related to USB printers were addressed by Microsoft in March.
Microsoft has revealed plans for the future of Windows, showcasing features that will allow computers to perceive the environment, including seeing and hearing like humans, and enabling conversational interactions. This advancement aims to enhance user experience and transform how people interact with their devices, making technology more intuitive and responsive.
SetupHijack is a security research tool designed to exploit vulnerabilities in Windows installer and update processes by hijacking file drops in writable directories. It allows attackers to replace legitimate files with malicious payloads, executing them with elevated privileges without needing admin access. The tool is intended for red team, penetration testing, and security research applications, emphasizing controlled and authorized use only.
The article discusses OpenAI's strategic moves related to its Windows integration and how it plans to leverage partnerships to enhance its offerings in the competitive AI landscape. It highlights the implications for users and developers as OpenAI seeks to expand its influence in the software ecosystem.
The article discusses a recent research study that reveals vulnerabilities in Windows' Endpoint Privilege Management (EPM) system, which can be exploited by attackers to gain unauthorized access and escalate privileges. Researchers detail the methodologies used to uncover these security flaws and emphasize the need for improved protective measures within the Windows operating system.
The article discusses the implementation of WebGPU support on Windows in Firefox version 141, highlighting performance improvements and new features that enhance web graphics capabilities. It also outlines the potential impact of this feature on web development and gaming experiences.
The article discusses the end of the infamous "Blue Screen of Death" in Windows operating systems, highlighting the transition to a more user-friendly error reporting system. It emphasizes how this change reflects Microsoft's efforts to improve user experience and system reliability.
ShadowCrypt is a project that enhances ransomware protection by camouflaging files with system-like extensions and hiding them in system directories, utilizing Windows shortcut files for easy access. It builds upon research from the paper "Hiding in the Crowd" and offers improved functionalities such as streamlined hiding processes, versatile recovery options, and integration with the right-click context menu for user convenience. The project aims to provide a cost-effective and user-friendly solution for secure file management on Windows systems.
Microsoft has officially changed the notorious "Blue Screen of Death" (BSOD) to a "Black Screen of Death" (BSoD) in its latest Windows update. This change is part of an effort to improve user experience and reduce confusion when system failures occur. The transition aims to modernize the error screen display while maintaining the functionality that users rely on during critical system errors.
The guide provides instructions on running Windows inside a Docker container using the dockurr/windows image, detailing configuration options for the installation process, storage, resource allocation, and network settings. Users can customize their setup, including selecting different Windows versions, adjusting hardware resources, and managing shared folders, all while ensuring compatibility with various Docker environments.
Zed has officially launched its Windows version, expanding its accessibility and functionality for users on that platform. This release aims to enhance the coding experience with improved performance and features tailored for Windows environments.
A terminal interface tool called AntiDebug is designed for testing Windows x86_64 anti-debugging techniques, created to aid in course explanations. It requires Visual Studio 2022 and includes various anti-debugging detections, which can be customized by users through callbacks. The project is open source, encouraging contributions while maintaining a focus on simplicity for beginners.
Ansible’s service module simplifies the management of services across Linux and Windows environments, allowing users to control services remotely without logging into each server. It provides a consistent interface for starting, stopping, and restarting services, which helps reduce downtime, automate operations, and manage risks in distributed IT infrastructures. The article includes practical examples and use cases to illustrate the module's functionality.
Apple is facing criticism for its new ad campaign that features a fictional "blue screen of death" (BSOD) scenario, which mocks Windows PCs. The ad has sparked discussions about the accuracy and implications of such comparisons, especially given that the BSOD is a notorious issue for Windows users. CrowdStrike, a cybersecurity firm, has also commented on the ad, emphasizing the importance of security over operating system branding.
NovaHypervisor is a defensive x64 Intel hypervisor designed to protect against kernel-based attacks by safeguarding memory structures and defense products on Windows 10 and later. Written in C++ and Assembly, it is in early development, not yet suitable for production, and includes instructions for setup, memory protection commands, and logging. Users must enable specific virtualization features to run the hypervisor effectively.
Microsoft is enhancing its Windows Update system to better manage app updates through an orchestration platform. This improvement aims to streamline the update process for users, ensuring that all applications are efficiently updated alongside the operating system. The initiative reflects Microsoft's commitment to improving user experience and software reliability.
Bugfish Nuke is a Windows tool designed for emergency data deletion, allowing users to securely erase sensitive files and system traces with customizable overwrite options. It features an advanced function to lock out system access by corrupting Windows login files, and includes user-friendly elements like customizable audio notifications during the deletion process. Users are warned against misuse and encouraged to comply with legal guidelines while using the tool.
A critical flaw in the Windows version of WhatsApp has been discovered, allowing hackers to exploit the application and potentially sneak in malicious files. Users are advised to update their software immediately to protect against these vulnerabilities and safeguard their data.
The article discusses methods for exploiting vulnerabilities in Windows drivers, aimed at beginners interested in cybersecurity and hacking. It provides insights into the process of weaponizing these drivers to gain unauthorized access or control over systems. This serves as a foundational guide for those looking to understand the intricacies of driver manipulation in the context of malicious activities.
The article delves into the kernel-mode objects and structures that manage Windows registry hives, focusing on the complex relationship between the _CMHIVE and _HHIVE structures. It explores their roles in memory management, synchronization, and transaction states, while discussing the implications for security and performance. Detailed insights on their layouts and functionalities are provided, along with the challenges of reverse-engineering undocumented structures.
The article delves into the evolution of Windows design, highlighting key milestones and design philosophies that have shaped the user experience over the years. It discusses the impact of technology advancements and user feedback on the aesthetic and functional aspects of the Windows operating system. Through this historical lens, the article illustrates how Windows has adapted to changing user needs and industry trends.
The article discusses Microsoft's new AI initiatives, specifically the launch of Windows AI Foundry, which aims to enhance the integration of artificial intelligence into the Windows operating system. It highlights the company's commitment to supporting developers and users in leveraging AI technologies effectively. Additionally, there is a focus on the implications of these developments for the future of computing and productivity tools.
Microsoft is testing a new feature in Windows 11 that prompts users to run a memory scan after a blue screen of death (BSOD) crash. This proactive diagnostic tool aims to improve system reliability by detecting and addressing memory issues that could cause system instability. Currently, the feature is rolling out to Windows Insiders and is not available for ARM64 devices or systems with certain security settings.
The article introduces Auto Dark Mode, a tool that automatically switches Windows 10 and Windows 11 between dark and light themes based on the time of day. It includes additional features such as wallpaper changes, accent color adjustments, and custom script execution, enhancing user productivity and comfort. The software is available for download via multiple platforms, including the Microsoft Store and GitHub.
The article discusses the current challenges faced by users as Microsoft has discontinued support for Windows 10, leaving many feeling frustrated with Windows 11. It highlights the difficulties in adapting to the new operating system and the implications of the transition.