Archive: Windows (operating system)

03.03.2021 - 14:43 [ ]

Privacy by Default: p=p security

Support for all established encryption methods. And all your devices. Fully automatic. For your peace of mind. And your convenience.

03.03.2021 - 12:56 [ ]

Simple DNSCrypt

Simple DNSCrypt is a simple management tool to configure dnscrypt-proxy on Windows-based systems.

24.02.2021 - 11:12 [ Microsoft ]

Take ownership of files and directories and manage access permissions

Take ownership

Right-click the file or folder and select the bottom entry, Properties.

Then click the Security tab and then the Advanced button.


24.02.2021 - 11:09 [ ]

Trusted Installer locks files – what now?


The process TrustedInstaller.exe, also known as Windows Modules Installer, belongs to the Microsoft Windows operating system. The file is located in the subdirectory C:\Windows\Servicing. Among other things, the Trusted Installer is responsible for installing Windows updates and does not run permanently.

24.02.2021 - 10:51 [ ]

Tips with two easy steps to remove PKTMON.EXE file.

In this article I will give you tips with two easy steps to turn off pktmon.exe process, and then I will show you how to block pktmon.exe from running in your computer.

24.02.2021 - 10:47 [ ]

Windows 10 quietly got a built-in network sniffer, how to use


Microsoft has quietly added a built-in network packet sniffer to the Windows 10 October 2018 Update, and it has gone unnoticed since its release.

A packet sniffer, or network sniffer, is a program that monitors the network activity flowing over a computer down to an individual packet level.

17.02.2021 - 18:35 [ ]

How to enable or disable TLS 1.3 in Windows 10

– Type inetcpl.cpl in the Run prompt (Win + R) and press the Enter key
– It will open the Internet Properties window. Switch to the Advanced section
– Under the security section, check the box against TLS 1.3
– Restart the browser

31.01.2021 - 22:21 [ ]

Mesh – Get a secure, anonymous, peer-to-peer instant messenger

Technitium Mesh is a secure, anonymous, peer-to-peer (p2p), open source instant messenger designed to provide end-to-end encryption. Primary aim of developing this instant messenger is to provide privacy which is achieved using cryptography and anonymity using Tor network. It can be used over Internet and private LAN networks (without Internet) for instant messaging and file transfer with support for private chats and group chats.

30.01.2021 - 16:01 [ ]

Simple DNSCrypt

Simple DNSCrypt is a simple management tool to configure dnscrypt-proxy on Windows-based systems.

18.01.2021 - 16:00 [ ]

Simple DNSCrypt

Simple DNSCrypt is a simple management tool to configure dnscrypt-proxy on Windows-based systems.

08.01.2021 - 23:32 [ ]

Spoofing: New DNS attack method discovered

(13 November 2020)

After the source port had been de-randomized, it was reportedly possible to inject a malicious IP address and thus successfully carry out a DNS cache poisoning attack. The researchers published the details in the paper "DNS Cache Poisoning Attack Reloaded: Revolutions with Side Channels".

Further experiments under realistic server configurations and network conditions reportedly also show that their basic method could easily be adapted to the entire DNS system.

08.01.2021 - 23:04 [ ]

SAD Reality for DNS

The researchers determined that 35% of open resolvers are open to the attack, as well as four of six home routers made by well-known brands.

They also found that 12 of 14 popular public resolvers (now 11—Cloudflare says they’ve corrected their systems) are susceptible. Even a patched DNS server could be made vulnerable by an unpatched or misconfigured NAT gateway.

Their 19-page paper on the exploit includes lists of devices and services tested. They have since set up a SAD DNS website featuring a Q&A and a tool that anyone can use to determine whether their DNS is vulnerable.

The flaw is being tracked as CVE-2020-25705, and affects Linux 3.18 – 5.10, Windows Server 2019 version 1809 and newer, macOS 10.15 and newer, and FreeBSD 12.1.0 and newer. The researchers did not test earlier versions of the listed operating systems.

16.05.2018 - 14:17 [ ]

SynAck ransomware circumvents antivirus software through Doppelgänging technique

(8.5.2018) Process Doppelgänging was first revealed by enSilo researchers at Black Hat Europe in December last year.

The attack technique targets the Microsoft Windows operating system and is designed to circumvent traditional security software and antivirus solutions by exploiting how they interact with memory processes.

16.05.2018 - 13:57 [ ]

Lost in Transaction: Process Doppelgänging

• Advanced Code Injections Overview
• GhostWriting
• AtomBombing
• PowerLoader + PowerLoaderEx
• PROPagate
• Reflective Loading
• Process Hollowing
• Injection method from over 10 years ago
• Has never received much attention


• Brief history of evasion techniques
• AV scanners
• Transacted NTFS (TxF)
• Evolution of Windows process loader

16.05.2018 - 13:18 [ ]

Microsoft’s Response to AtomBombing is Post-Infection Detection

(21.7.2017) The Microsoft update that addresses both “Process Hollowing” and “AtomBombing” will only be available for those that have purchased Windows Defender and will only be available in October or November 2017. Windows Defender ATP has only been addressing security issues for less than a year and Windows customers have to purchase Windows Defender ATP.

03.05.2018 - 11:21 [ ]

CPU Utilization Is Wrong on PCs, and Getting Worse Every Year

But the takeaway is this: CPU utilization, as reported by Windows, is often incorrect. All too often, what looks like CPU usage is actually a stalled CPU waiting to do something useful.

29.03.2018 - 10:46 [ Digital Trends ]

Microsoft’s Windows 7 Meltdown update granted access to all data in memory

“Windows 7 already did the hard work of mapping in the required memory into every running process,” Frisk states. “Exploitation was just a matter of read and write to already mapped in-process virtual memory. No fancy APIs or system calls required — just standard read and write!”