Category: windows
- Blocking Living off the Land binaries (LOLBINs) with Windows Firewall
Many types of malware and remote access trojans (RATs) now use built-in Windows binaries to stage and infect computers. Programs commonly used in such attacks are powershell.exe, regsvr32, rundll32, certreq.exe, certutil.exe and mshta.exe. Living off the land binaries (LOLBINs) bypass protections such as AppLocker since they reside in the c:\Windows folder and/or are codesigned […]
- Moving from KMS activation to Digital License (subscription)
At work we are moving everything to Microsoft 365 and Azure AD and removing our on-premises environment. One of the issues we encountered was that when we removed the computer from the domain and joined Azure AD, Windows was still activated using our KMS host. In order to convert the computer to use step-up activation […]
- View CPU microcode revision from PowerShell
A small PowerShell snippet to show what CPU microcode revision is running and what microcode revision the BIOS provides. Example output:
- Blacklist bad memory addresses in Windows
Update: The following guide might not work since Predictive Failure Analysis (PFA) memory settings are not working in Windows 10 2004 and 20H2 releases. See discussion here. I recently experienced random MEMORY_MANAGEMENT BSODs on my personal computer. When consulting Microsoft Dev Center for the error code it indicated an issue with the RAM. The computer is […]