Windows Server riddle anyone? If you configure the Centralized Certificate Store for IIS, PFX files are periodically polled. 1. How often? 2. How to change the interval? Good luck! :)

Am I an influencer? Who knows! But you can expect three tweets about the BenQ #ScreenBarPro soon. 😄 A couple of weeks ago, BenQ Lighting EU reached out to see if I wanted to review their product. My workspace isn't ideal - I don't have a typical desk lamp, and neither my key

I am happy to announce JonMon2.0 has been published. 2.0 offers a lot of feature updates, as well as stability. More features still to come as time goes on. Enjoy and let me know if you have any issues or questions. Link: github.com/jsecurity101/J…

I knew CVE-2025-21293 is more dangerous than it looks at the first sight...

Am I an influencer? Still no idea, but it’s high time for the second tweet about the BenQ #ScreenBarPro I have obtained from BenQ Lighting EU some time ago. I have installed it of course, and the first experience was great. I would never suppose I can write it, but I really love

Is your window stuck outside of visible area of the desktop? Happened again a moment ago and it's always a good reason to share the tip: Alt+Space -> M -> Arrow key and move your mouse. Or bring all windows back with a simple piece of PowerShell: github.com/gtworek/PSBits… And

You might be optimistic, but you'll never out-optimistic the Software Protection service.

Stealing a password from a process trying to launch a child process as a different user? Sure, it's easy when you spot CreateProcessWithLogonW() and then observe where the R8 points to. Enjoy the short video showing all the steps you need to take: youtu.be/pubsrWBHsZM

After my latest newsletter issue, diversenok reached out to me with an interesting observation: a password can be encrypted and still functions identically to a cleartext one in CreateProcessWithLogonW(). 😮 This brought up two intriguing questions: 1. How can I decrypt

Can you guess the DLL name by its exports? 😅

Grzegorz Tworek no grzegorz wtf is wrong with you

By making minor changes to command-line arguments, it is possible to bypass EDR/AV detections. My research, comprising ~70 Windows executables, found that all of them were vulnerable to this, to varying degrees. Here’s what I found and why it matters 👉 wietze.github.io/blog/bypassing…

TIL: Hover your mouse over the image in Edge and press Ctrl twice. 😍

Are you feeling playful? Show courage! "pssuspend.exe services.exe" Effects are quite weird as any access to SCM/services ends with an indefinite waiting (a.k.a. hang) and no one really knows when and why expect such access in a live system.

Can't kill sysmon.exe anymore? Cut it off from its own log by stopping ETW logger! LocalSystem required, of course.

Did you know Windows has built-in RAM disk? Not just your regular RAM disk. It's pmem/nvdimm, via scmbus.sys built-in hack! That means you can make 🦆🦆🦆 #dax volume, so data/image mappings (section views) will use "drive" directly! No data persistence; ws22/w11+. EZ 📀 create: