UniFi Network

Ports

Radios

References

• Function : This service collects and sends your computer's usage and diagnostic data to Microsoft to improve the Windows user experience.

• Why disable it : Disabling this service reduces background CPU and network resource consumption and enhances personal privacy protection, preventing your usage data from being collected.

• Potential impact : Disabling this feature may affect some functions that rely on telemetry data, such as automatic updates and feedback functions, but it will have little impact on the daily use of most users.

• Features : Provides content indexing, attribute caching, and search results for files, emails, and other content.

• Why disable it : While it makes file searching more convenient, the Windows Search service continuously builds a file index in the background, consuming significant CPU and disk resources, especially when dealing with a large number of files. Users who don't frequently use the system search function or use third-party search tools (such as Everything) can disable it.

• Potential impact : Disabling this feature will slow down the speed at which you can find files, apps, and settings using the Windows built-in search box.

Of course, we can use a third-party search tool like Everything to replace Windows' built-in search function. The results are absolutely phenomenal; both its search speed and efficiency far surpass the system's built-in search service. And it's completely free!

• Function : By analyzing the user's memory usage patterns, frequently used applications are preloaded into memory, thereby speeding up program startup.

• Why disable it : For users of solid-state drives (SSDs), since SSDs themselves have extremely fast read and write speeds, the performance improvement brought by SysMain is limited, and may even increase the disk load due to continuous background read and write operations.

• Potential impact : Disabling this feature may slightly slow down the initial launch speed of some infrequently used applications.

• Functionality : Manages all local and network print queues and controls all print jobs.

• Why disable it : If you don't use the printer, or only use it occasionally, this service running continuously in the background will consume a small amount of system resources. Disabling it when printing is not needed will free up these resources.

• Potential impact : Printing will be impossible after disabling the service. You will need to re-enable the service if you require to use the printer.

• Functionality : Provides applications with the ability to capture, compare, process, and store biometric data, supporting functions such as fingerprint recognition and facial recognition.

• Why disable it : If your computer does not have a biometric device such as a fingerprint reader or infrared camera, or if you do not use features such as Windows Hello, then it is safe to disable this service to save resources.

• Potential impact : After disabling, all biometric-related functions (such as fingerprint login) will be unavailable.

• Function : Allows remote users to modify registry settings on this computer.

• Why disable it : For the vast majority of home users, remote modification of the registry is almost unnecessary. Disabling this service can improve system security and prevent potential malicious attacks.

• Potential impact : Disabling this feature will prevent remote management of the local registry over a network. This may affect users who require remote technical support or network management.

Program Compatibility Assistant Service

• Function : Provides support for the application compatibility assistant, monitors the programs installed and run by users, and detects known compatibility issues.

• Why disable it : This feature sometimes misjudges programs that have no compatibility issues as problematic, causing frequent pop-up prompts and affecting user experience. Experienced users can identify and handle program compatibility issues themselves, so this service can be disabled.

• Potential impact : After disabling, the system will no longer automatically prompt for program compatibility issues, requiring users to manually set compatibility mode to run some older applications.

iwr -useb https://christitus.com/win | iex

irm christitus.com/win | iex

Videos

• Function : This service collects and sends your computer's usage and diagnostic data to Microsoft to improve the Windows user experience.

• Why disable it : Disabling this service reduces background CPU and network resource consumption and enhances personal privacy protection, preventing your usage data from being collected.

• Potential impact : Disabling this feature may affect some functions that rely on telemetry data, such as automatic updates and feedback functions, but it will have little impact on the daily use of most users.

• Features : Provides content indexing, attribute caching, and search results for files, emails, and other content.

• Why disable it : While it makes file searching more convenient, the Windows Search service continuously builds a file index in the background, consuming significant CPU and disk resources, especially when dealing with a large number of files. Users who don't frequently use the system search function or use third-party search tools (such as Everything) can disable it.

• Potential impact : Disabling this feature will slow down the speed at which you can find files, apps, and settings using the Windows built-in search box.

Of course, we can use a third-party search tool like Everything to replace Windows' built-in search function. The results are absolutely phenomenal; both its search speed and efficiency far surpass the system's built-in search service. And it's completely free!

• Function : By analyzing the user's memory usage patterns, frequently used applications are preloaded into memory, thereby speeding up program startup.

• Why disable it : For users of solid-state drives (SSDs), since SSDs themselves have extremely fast read and write speeds, the performance improvement brought by SysMain is limited, and may even increase the disk load due to continuous background read and write operations.

• Potential impact : Disabling this feature may slightly slow down the initial launch speed of some infrequently used applications.

• Functionality : Manages all local and network print queues and controls all print jobs.

• Why disable it : If you don't use the printer, or only use it occasionally, this service running continuously in the background will consume a small amount of system resources. Disabling it when printing is not needed will free up these resources.

• Potential impact : Printing will be impossible after disabling the service. You will need to re-enable the service if you require to use the printer.

• Functionality : Provides applications with the ability to capture, compare, process, and store biometric data, supporting functions such as fingerprint recognition and facial recognition.

• Why disable it : If your computer does not have a biometric device such as a fingerprint reader or infrared camera, or if you do not use features such as Windows Hello, then it is safe to disable this service to save resources.

• Potential impact : After disabling, all biometric-related functions (such as fingerprint login) will be unavailable.

• Function : Allows remote users to modify registry settings on this computer.

• Why disable it : For the vast majority of home users, remote modification of the registry is almost unnecessary. Disabling this service can improve system security and prevent potential malicious attacks.

• Potential impact : Disabling this feature will prevent remote management of the local registry over a network. This may affect users who require remote technical support or network management.

Program Compatibility Assistant Service

• Function : Provides support for the application compatibility assistant, monitors the programs installed and run by users, and detects known compatibility issues.

• Why disable it : This feature sometimes misjudges programs that have no compatibility issues as problematic, causing frequent pop-up prompts and affecting user experience. Experienced users can identify and handle program compatibility issues themselves, so this service can be disabled.

• Potential impact : After disabling, the system will no longer automatically prompt for program compatibility issues, requiring users to manually set compatibility mode to run some older applications.

iwr -useb https://christitus.com/win | iex

irm christitus.com/win | iex

Videos

The main ExpanDrive application for Windows, Mac, and Linux is now completely free for personal use.

Commercial, academic, or government use is also free for enterprises where fewer than 10 people use ExpanDrive across the enterprise during a calendar year.

Other Windows packages:

FreeFileSync

• https://freefilesync.org/tutorials.php

1. Change comparison settings
2. Start comparison
3. Include/exclude specific files
4. Change synchronization settings
5. Start synchronization
6. Add folder pairs
7. Select left and right folders
8. Save/load configuration
9. Tree overview panel
10. Preview synchronization
11. Select categories to show on grid
12. Synchronization statistics

Pro:

1. Set up is simple

2. Speed is faster

2. Support multiple cloud storage

Con:

1. Not able to mount it as a drive to system

2. Not easy to configure sync

Upload / Download / Sync

For OneDrive:

Throttled Messages

Preference:

Air Live Drive

 Air Live Drive will need license for OneDrive for Business.

Videos

The main ExpanDrive application for Windows, Mac, and Linux is now completely free for personal use.

Commercial, academic, or government use is also free for enterprises where fewer than 10 people use ExpanDrive across the enterprise during a calendar year.

Other Windows packages:

FreeFileSync

• https://freefilesync.org/tutorials.php

1. Change comparison settings
2. Start comparison
3. Include/exclude specific files
4. Change synchronization settings
5. Start synchronization
6. Add folder pairs
7. Select left and right folders
8. Save/load configuration
9. Tree overview panel
10. Preview synchronization
11. Select categories to show on grid
12. Synchronization statistics

Pro:

1. Set up is simple

2. Speed is faster

2. Support multiple cloud storage

Con:

1. Not able to mount it as a drive to system

2. Not easy to configure sync

Upload / Download / Sync

For OneDrive:

Throttled Messages

Preference:

Air Live Drive

 Air Live Drive will need license for OneDrive for Business.

Videos

Cloudflare R2 is an object storage provider similar to Amazon S3, which allows for storing large amounts of unstructured data. Cloudflare R2 is S3-compatible, so it is able to utilize some of the already created S3 libraries, extensions, and tools. One of the core benefits of Cloudflare’s offering, is that there are no egress charges, which some other companies charge when data is accessed externally. And depending on volume of requests and how much data is being requested, that can become costly.

More information can be found here.

Cloudflare R2 offers a forever free tier, that includes:

• 10 GB Storage per month
• 1,000,000 Class A Operations per month
• 10,000,000 Class B Operations per month

If you need to go past these limits or your utilization is past these limits, then the following is the current additional costs as of 3/3/2025:

• $0.015/GB for storage past 10 GB.
• $4.50 per additional million operations past your monthly free limit of 1,000,000 Class A Operations.
• $0.36 per additional million operations past your monthly free limit of 10,000,000 Class B Operations.

If you are only hosting images, files, or files that are not changing, you will mainly be using Class B Operations, since that would be people viewing those items stored. And the Class A Operations would you be uploading these items, listing what is inside your bucket, deleting, editing, etc.

Another benefit of utilizing a custom domain with Cloudflare R2, is that it can leverage other features from Cloudflare such as their Content Delivery Network (CDN) for caching these files/images/videos. Which should result in limiting the number of Class B Operations, if the files are already cached by the user’s browser on Cloudflare’s edge network.

Additional information on pricing and the different type of operations can be found here.

Connection Setup

Find your Cloudflare R2 S3 API URL:

Create an API token with the following steps:

Verification and Save

ShareX Integration

To create a bucket:

1. Open R2.
2. Select Create bucket.
3. Type your bucket name of choice, and click Create Bucket.
4. Select Settings.
5. Scroll to Domain Access and select Connect Domain.
6. Type your domain and select Continue.
7. Select Connect domain.

To create an API token:

1. Open R2.
2. Select Manage R2 API Tokens on the top-right side of the dashboard.
3. Select Create API token.
4. Select the pencil icon or R2 Token text to edit your API token name.
5. Under Permissions, select Read or Edit for your token.
6. Select Create API Token.
7. Save a copy of your Access Key ID and Secret access key for the next step.

To configure uploading with ShareX:

1. In Destinations, select Destination Settings.
2. Scroll down to Amazon S3 and select it.
3. Using the Access Key ID and Secret access key, fill in the two top boxes.
4. Select Endpoint: and type <ACCOUNT_ID>.r2.cloudflarestorage.com. (You can find your account ID on the right-hand side of your Dashboard.)
5. Set Region: to auto.
6. Fill Bucket name: with the bucket name you picked on Cloudflare.
7. Change Upload path: to your preference.
8. Update Use custom domain: to the domain that you selected in the first step.
9. Uncheck Set public-read ACL on file.
10. Ignore the rest of the settings.
11. In Destinations, select Image uploader: and change it to File Uploader -> Amazon S3.
12. Take a screenshot and ensure that it uploads correctly.

Amazon S3 Configuration:

    if !strings.HasSuffix(r.URL.String(), "health") && claims.Username != "admin" {
      http.Error(w, "You don't have access to the key", http.StatusUnauthorized)
      return
    }

Lab: Directory Traversal 01

$file = "/var/files/example_".$_GET['id'].".txt";Copy

Lab: GraphQL Introspection

query IntrospectionQuery {
  __schema {
    queryType { name }
    mutationType { name }
    subscriptionType { name }
    types {
      ...FullType
    }
    directives {
      name
      description
      args {
        ...InputValue
      }
      onOperation
      onFragment
      onField
    }
  }
}

fragment FullType on __Type {
  kind
  name
  description
  fields(includeDeprecated: true) {
    name
    description
    args {
    ...InputValue
    }
    type {
    ...TypeRef
    }
    isDeprecated
    deprecationReason
  }
  inputFields {
  ...InputValue
  }
  interfaces {
  ...TypeRef
  }
  enumValues(includeDeprecated: true) {
    name
    description
    isDeprecated
    deprecationReason
  }
  possibleTypes {
  ...TypeRef
  }
}

fragment InputValue on __InputValue {
  name
  description
  type { ...TypeRef }
  defaultValue
}

fragment TypeRef on __Type {
  kind
  name
  ofType {
    kind
    name
    ofType {
      kind
      name
      ofType {
        kind
        name
      }
    }
  }
}

query IntrospectionQuery {
  __schema {
    queryType { name }
    mutationType { name }
    subscriptionType { name }
    types {
      ...FullType
    }
    directives {
      name
      description
      args {
        ...InputValue
      }
      locations
    }
  }
}

fragment FullType on __Type {
  kind
  name
  description
  fields(includeDeprecated: true) {
    name
    description
    args {
      ...InputValue
    }
    type {
      ...TypeRef
    }
    isDeprecated
    deprecationReason
  }
  inputFields {
    ...InputValue
  }
  interfaces {
    ...TypeRef
  }
  enumValues(includeDeprecated: true) {
    name
    description
    isDeprecated
    deprecationReason
  }
  possibleTypes {
    ...TypeRef
  }
}

fragment InputValue on __InputValue {
  name
  description
  type { ...TypeRef }
  defaultValue
}

fragment TypeRef on __Type {
  kind
  name
  ofType {
    kind
    name
    ofType {
      kind
      name
      ofType {
        kind
        name
      }
    }
  }
}

query MyQuery {
  __schema {
    types {
      name
      fields {
        name
      }
    }
  }
}

query Query {
  [NAME] {
    id
  }
}

query Query {
  projects {
    id
  }
}

Start Kali Linux - Burpsuite v2025.8.8 Community Edition

query IntrospectionQuery {\n  __schema {\n    queryType { name }\n    mutationType { name }\n    subscriptionType { name }\n    types {\n      ...FullType\n    }\n    directives {\n      name\n      description\n      args {\n        ...InputValue\n      }\n      locations\n    }\n  }\n}\n\nfragment FullType on __Type {\n  kind\n  name\n  description\n  fields(includeDeprecated: true) {\n    name\n    description\n    args {\n      ...InputValue\n    }\n    type {\n      ...TypeRef\n    }\n    isDeprecated\n    deprecationReason\n  }\n  inputFields {\n    ...InputValue\n  }\n  interfaces {\n    ...TypeRef\n  }\n  enumValues(includeDeprecated: true) {\n    name\n    description\n    isDeprecated\n    deprecationReason\n  }\n  possibleTypes {\n    ...TypeRef\n  }\n}\n\nfragment InputValue on __InputValue {\n  name\n  description\n  type { ...TypeRef }\n  defaultValue\n}\n\nfragment TypeRef on __Type {\n  kind\n  name\n  ofType {\n    kind\n    name\n    ofType {\n      kind\n      name\n      ofType {\n        kind\n        name\n      }\n    }\n  }\n}\n

Go back first response screenshot, you will find there is a value field, which you can put it to get the final key:

CBC-MAC

https://pentesterlab.com/exercises/cbc-mac

CBC-MAC is a method to ensure the integrity of a message by encrypting it using CBC mode and keeping the last encrypted block as a "signature". This ensures that a malicious user cannot modify any part of the data without having to change the signature. The key used for the "encryption" ensures that the signature cannot be guessed.

However, when using CBC-MAC, the developer needs to be very careful if the messages are not of a fixed length. In this example, we will use the fact that there is no protection in place to get the application to sign two messages and build another message by concatenating the two messages.

Theory

With CBC-MAC, we can generate two signatures t and t' for the messages m and m'. By using m and m' we can forge another message m'' that will have the same signature as m' (t'). One thing to keep in mind is that the recommended way to use CBC-MAC is to use a NULL IV.

To keep things simple, we are going to work on a single block for each message.

We can see below how signing both messages works (NB: both signatures are completely independent of each other):

If we try to concatenate those messages, the signature will no longer be valid (since t is now the IV for the second block where it was only NULL before):

However, if we XOR m' and t, the signature is now t':

Implementation

Based on the size of the signature, we can guess that the block size is likely to be 8. With this information, we will split administrator into:

• administ.
• rator\00\00\00.

We can trivially generate the signature for the first block, by just logging in and retrieving the signature t.

For the second block, we want the m' XOR t to be equal to rator\00\00\00. So to generate the second username we will need to XOR rator\00\00\00 with t (since the application will sign it with a NULL IV instead of t). Once we have this value, we can get the signature t'.

Finally, we just need to concatenate m and m' to get administrator and use t' as a signature.

https://pentesterlab.com/exercises/cbc-mac/videos

GCM Tag Truncation

Introduction

This exercise covers the impact of tag truncation in Galois/Counter Mode (GCM). When GCM is used, an authentication tag is generated to verify the integrity of the encrypted data. If an application fails to enforce the expected tag length, an attacker can supply a truncated tag and brute-force the missing bytes, drastically weakening the security.

This lab demonstrates how GCM truncation can be exploited against a Ruby application. The same vulnerable pattern can also be found in PHP with openssl_decrypt.

Exploitation

To exploit this issue, you will first need to register an account. The attack relies on creating a username that is very close to the targeted one (for example, bdmin, cdmin, or ddmin) in order to escalate to admin.

Once registered, you can take the encrypted session data, base64-decode it, and truncate the GCM tag to a single byte. If the application does not enforce the tag length, it may still accept the ciphertext, keeping you logged in.

At this point, you can modify the first byte of the encrypted username (after base64-decoding) and brute-force the single-byte tag until the server accepts it. If successful, you will be logged in. I you are logged in as admin, you will get access to the key for the challenge. If you end up logged in as another user, you can repeat the process with a different modification of the first byte until you gain access as admin.

Cloudflare R2 is an object storage provider similar to Amazon S3, which allows for storing large amounts of unstructured data. Cloudflare R2 is S3-compatible, so it is able to utilize some of the already created S3 libraries, extensions, and tools. One of the core benefits of Cloudflare’s offering, is that there are no egress charges, which some other companies charge when data is accessed externally. And depending on volume of requests and how much data is being requested, that can become costly.

More information can be found here.

Cloudflare R2 offers a forever free tier, that includes:

• 10 GB Storage per month
• 1,000,000 Class A Operations per month
• 10,000,000 Class B Operations per month

If you need to go past these limits or your utilization is past these limits, then the following is the current additional costs as of 3/3/2025:

• $0.015/GB for storage past 10 GB.
• $4.50 per additional million operations past your monthly free limit of 1,000,000 Class A Operations.
• $0.36 per additional million operations past your monthly free limit of 10,000,000 Class B Operations.

If you are only hosting images, files, or files that are not changing, you will mainly be using Class B Operations, since that would be people viewing those items stored. And the Class A Operations would you be uploading these items, listing what is inside your bucket, deleting, editing, etc.

Another benefit of utilizing a custom domain with Cloudflare R2, is that it can leverage other features from Cloudflare such as their Content Delivery Network (CDN) for caching these files/images/videos. Which should result in limiting the number of Class B Operations, if the files are already cached by the user’s browser on Cloudflare’s edge network.

Additional information on pricing and the different type of operations can be found here.

Connection Setup

Find your Cloudflare R2 S3 API URL:

Create an API token with the following steps:

Verification and Save

ShareX Integration

To create a bucket:

1. Open R2.
2. Select Create bucket.
3. Type your bucket name of choice, and click Create Bucket.
4. Select Settings.
5. Scroll to Domain Access and select Connect Domain.
6. Type your domain and select Continue.
7. Select Connect domain.

To create an API token:

1. Open R2.
2. Select Manage R2 API Tokens on the top-right side of the dashboard.
3. Select Create API token.
4. Select the pencil icon or R2 Token text to edit your API token name.
5. Under Permissions, select Read or Edit for your token.
6. Select Create API Token.
7. Save a copy of your Access Key ID and Secret access key for the next step.

To configure uploading with ShareX:

1. In Destinations, select Destination Settings.
2. Scroll down to Amazon S3 and select it.
3. Using the Access Key ID and Secret access key, fill in the two top boxes.
4. Select Endpoint: and type <ACCOUNT_ID>.r2.cloudflarestorage.com. (You can find your account ID on the right-hand side of your Dashboard.)
5. Set Region: to auto.
6. Fill Bucket name: with the bucket name you picked on Cloudflare.
7. Change Upload path: to your preference.
8. Update Use custom domain: to the domain that you selected in the first step.
9. Uncheck Set public-read ACL on file.
10. Ignore the rest of the settings.
11. In Destinations, select Image uploader: and change it to File Uploader -> Amazon S3.
12. Take a screenshot and ensure that it uploads correctly.

Amazon S3 Configuration: