Tuesday, October 7, 2025

GUI for Azure Trusted Signing Local Exe dotNet 4.8

A GUI for Azure Trusted Signing Repo


GUI-for-AzureTrustedSigning: .Net 4.8 Port of GUI-for-ATS (github.com)



Graphical User Interface for Microsoft Azure Trusted Signing to code sign your local application, ported to Net 4.8 Framework from GUI-for-ATS


Instructions

ORG - Code signing on Windows with Azure Trusted Signing · Melatonin

📌 Overview

GUI for ATS is a user-friendly graphical interface that simplifies the use of Microsoft Azure Trusted Signing. It streamlines the process of signing files, making it easier for developers and businesses to integrate secure code signing into their workflow.


🔐 Security Advantage

The main advantage of this application is that you do not need to create the environment variables
AZURE_CLIENT_IDAZURE_TENANT_ID, and AZURE_CLIENT_SECRET.
This data is securely stored in encrypted form after you enter it and is only used in plaintext during the signing process.


GUI Screenshot


🔧 Requirements




Posted by metadataconsulting (profile) at 1:00 AM 0 comments

Monday, September 29, 2025

Cloud Storage Phishing email with subject Your Cloud Storage Is Full. Receive 50 GB for FREE

For the record, this is generic Cloud Storage phishing email attempt that is recently going around, with subject "Your Cloud Storage Is Full. Receive 50 GB for FREE!" What to do?  Report them, goto bottom of page. 


From : Cloud.Request <maleen689.6979@gmail.com>
Subject : Your Cloud Storage Is Full. Receive 50 GB for FREE!










PHISHING LINKs;

1. Hover over image
https://openmylink.in/xxxxxx hosted in India


How to tell this is a Phishing email ?

  1. Check email address in full, if it's not from originating company then it's phishing.
  2. Hover over all links in email, if it's not from the  company's website then forget it.
  3. The best way is to 

How to examine Email Message Source ?

Now lets look at message source
  1. Outlook.com->Actions->View Message Source. 
  2. Gmail.com->More (down arrow to top right)->Show original.
Check for suspicious links, anything that does not originate from apple.com.


Report Phishing Email (not as Spam)

  1. Outlook.com->Junk (at Top)->Phishing Scam
  2. Gmail.com->More (down-arrow to top right)->Report Phishing 

Report Phishing

If you have received this email, take further 

  1. https://www.google.com/safebrowsing/report_phish/


Report phishing at Microsoft and government agencies

  1. http://www.microsoft.com/security/online-privacy/phishing-faq.aspx

Posted by metadataconsulting (profile) at 7:00 AM 0 comments

Saturday, August 30, 2025

Windows 11 Home Registry Size, Number of Keys, Values

Here's some basic questions about registry size for Windows 11 Home default installation with Office Home Edition.






This is an excellent backgrounder on Registry.

  1. https://googleprojectzero.blogspot.com/2024/10/the-windows-registry-adventure-4-hives.html
  2. Windows Registry Forensics Cheat Sheet 2025 - Cyber Triage
  3. Metadata Consulting [dot] ca - Blog: Windows 10 Registry Size, Number of Keys, Values
  4. RegToText - Registry to Text Utility


Here some stats on how large the registry is

DU v1.62 - Directory disk usage reporter
Copyright (C) 2005-2018 Mark Russinovich
Sysinternals - www.sysinternals.com


Totals:
Files:        160
Directories:  1
Size:         253,415,744 bytes
Size on disk: 253,748,904 bytes or  242.01 MB on disk


Raw Counts for Entire Registry Export file

File Name    Size    

---------    ----    

win11org.reg 515.71 MB


Number of Subkey paths in registry export file. Line starts with [

698591

Number of Default key/value pairs in registry export file. Line starts with @ (default) key

290280

Number of Named key/value pairs in registry export file. Line starts with " a named key

902551

Total Number of key/value pairs in registry export file. Line starts with @ (default) key or " a named key

1,192,831

There are 1,192,866 registry paths. 

Counts this included keys and values, can also be empty keys! 
There are 70,145 plain keys/paths, that have no key/value pairs under them.

Dureg Command


C:\Program Files (x86)\Resource Kit>dureg /a

Size of HKEY_CLASSES_ROOT   :   33,754,161
Size of HKEY_USERS          :   10,603,222
Size of HKEY_LOCAL_MACHINE  :   74,425,586

    Total Registry data size:    118,782,969   

You can get dureg here....

https://web.archive.org/web/20060415040835/http://download.microsoft.com/download/win2000platform/WebPacks/1.00.0.1/NT5/EN-US/Dureg.exe


Depth of keys 

Depth counts number of 'subdirectories' for a key. For example this key below, would have a depth of 7 (don't count top hive HKEY_LOCAL_MACHINE).  

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\Content Indexer Cleaner] 

1	2	0.00%
2	14	0.00%
3	943	0.13%
4	7083	1.01%
5	55661	7.97%
6	181103	25.92%
7	121044	17.33%
8	83524	11.96%
9	56718	8.12%
10	84210	12.05%
11	25604	3.67%
12	31723	4.54%
13	30203	4.32%
14	8822	1.26%
15	3673	0.53%
16	4814	0.69%
17	1440	0.21%
18	946	0.14%
19	573	0.08%
20	209	0.03%
21	34	0.00%
22	67	0.01%
23	65	0.01%
24	42	0.01%
25	58	0.01%
26	8	0.00%
27	4	0.00%
28	4	0.00%
	698591




Registry Types for Win11



Windows 11 Strange New Values in Registry ? 

"SCO Support Level"=hex(200000):
"ManufacturerName"=hex(20004)
"WUDF"=hex(100000):


These are all the windows registry types that appear in .reg file are translated. 


"value"
alias hex(1)		Default or blankString value data with escape characters
hex
alias hex(3)		REG_BINARYBinary data (any arbitrary data, override interpolated by /e, if not found by Mozilla Universal Charset Detector library)
dword
alias hex(4)		REG_DWORDA 32-bit unsigned integer coded in little-endian format
hex(0)REG_NONENo type (the stored value, if any)
hex(1)REG_SZA string value, normally stored and exposed in UTF-16LE (when using the Unicode version of Win32 API functions), usually terminated by a NUL character
hex(2)EXPAND_SZAn “expandable” string value that can contain environment variables, normally stored and exposed in UTF-16LE, usually terminated by a NUL character
hex(3)REG_BINARYBinary data (any arbitrary data, override interpolated by /e, if not found by Mozilla Universal Charset Detector library)
hex(4)
REG_DWORD_LITTLE_ENDIAN
equivalent to REG_DWORD 
A 32-bit unsigned integer coded in little-endian format
hex(5)REG_DWORD_BIG_ENDIANA 32-bit unsigned integer coded in big-endian format
hex(6)REG_LINKA symbolic link (UNICODE) to another Registry key, specifying a root key and the path to the target key
hex(7)REG_MULTI_SZA multi-string value, which is an ordered list of non-empty strings, normally stored and exposed in UTF-16LE, each one terminated by a NUL character, the list being normally terminated by a second NUL character.
hex(8)REG_RESOURCE_LISTA resource list, as specified https://learn.microsoft.com/en-us/windows-hardware/drivers/ddi/wdm/ns-wdm-_cm_resource_list
hex(9)REG_FULL_RESOURCE_DESCRIPTORA resource descriptor, as specified https://learn.microsoft.com/en-us/windows-hardware/drivers/ddi/wdm/ns-wdm-_cm_full_resource_descriptor
hex(a)REG_RESOURCE_REQUIREMENTS_LISTA resource requirements list, as specified https://learn.microsoft.com/en-us/windows-hardware/drivers/ddi/wdm/ns-wdm-_io_resource_requirements_list
hex(b)REG_QWORD_LITTLE_ENDIAN
equivalent to REG_QWORD 		A 64-bit integer little-endian (introduced in Windows XP)



To convert these values to text get my tool at RegToText - Registry to Text Utility






















 
Posted by metadataconsulting (profile) at 7:00 AM 0 comments
Subscribe to: Comments (Atom)