Sabitlenmiş Tweet
SetUserFTA has now its own domain and Twitter account. I will no longer use my blog to share information about SetUserFTA. Please follow @setuserfta on Twitter and visit the website at setuserfta.com
English
Christoph Kolbicz
829 posts
Christoph Kolbicz
@_kolbicz
IT-Consultant @axacomag (CCE-V, CCE-N, MCSE, VCP), interested in Reverse Engineering, Jailbreaking and #XMR. Developer of SetUserFTA. Owner of Kolbicz IT.
Brasilien Katılım Ağustos 2017
278 Takip Edilen744 Takipçiler
@zeroxjf Lara doesn’t support OTA-only builds like 18.7 since there’s no kernelcache download. But this project has all offsets and even supports SpringBoard injection: github.com/wh1te4ever/dar… I even got a few extra tweaks working with it.
English
Not gonna lie, Lara is 100x more stable than LightSaber (obviously - it’s a proper reimplementation). It also supports many devices/versions. LS may have already served its purpose, however short lived lol.
roooot@rooootdev
For everyone who cares, Lara now has the 3 App Bypass fully working! github.com/rooootdev/lara
English
Pinning and unpinning Start menu items on Windows 11 + Server 2025 via command line? Yes!
Still very early stage - but it’s working 😎
English
Working on a new project: TaskbarPin – Command-line tool to manage your Windows 11 taskbar pins. Pin by app name, index, or exe path, at any position. Unpin, reorder, and export/import layouts across machines. Works with Win32, MSIX, and UWP apps on Windows 11 😎
English
Christoph Kolbicz retweetledi
SetUserFTA 2.x will be the last release supporting 32-bit. SetUserFTA 3.x is native x64 only and drops legacy OS support. It’s now in release candidate stage (no ETA yet) and adds AppDefaultHashRotation + more features & optimizations 😎
English
Christoph Kolbicz retweetledi
More on per-user FTA with @_kolbicz SetUserFTA: Setting MSIX Firefox/Chrome as defaults + .txt to MSIX Notepad++. All repackaged. Thanks again Christoph for the NFR & the best FTA tool for EUC 🇧🇷 #MSIX #SetUserFTA
English
New UCPD.sys pattern update now blocks mshta.exe. I’ve used this workaround since May 2024. It looks like the .hta trick (or inline scripts) got abused in the wild and is now blocked. Yes, this affects the personal edition of SetUserFTA - on consumer Windows.
English
@BethelEgwu This is only one type of rule. The driver already supports five types, but all of them work by extending lists for specific functions.
English
@_kolbicz interesting. wonder if they’ll start layering behavioral checks next instead of just static deny rules. feels like this is the groundwork for something more adaptive
English
UCPD.sys dynamic rules are now live. They’re shipped in a non-executable PE with multiple signature checks and an encrypted payload. I’ve decrypted it – currently it just extends the deny list with a single new entry.
English
KB5067036 installs UCPD.sys v4.5, which can now monitor Windows Services and protect additional registry keys for "GamingConfiguration"
English
Christoph Kolbicz retweetledi
SetUserFTA v3.0 is in the works - featuring UserChoiceLatest support and an additional UCPD.sys bypass. Stay tuned!
English
Looks like Microsoft is now A/B testing the UserChoiceLatest hash on Windows 11 Enterprise. It's 2025 - and it takes 5,000 lines of C just to change a file type association.
English
More technical details: the PE file they are referring to is not executed. Instead, it is used to dynamically update the driver’s functionality, similar to a signature file.: min.news/en/news/6d1f01…
Tech Tech China@techtechchina
Chinese researchers allege #Microsoft’s Windows hides a “backdoor” via UCPD.sys: blocking Tencent, 360 apps but letting foreign rivals pass, logging Chinese IPs in detail, and enabling remote code execution. EU forced openness under DMA; in China it raises privacy & security alarm.
English
Christoph Kolbicz retweetledi
Chinese researchers allege #Microsoft’s Windows hides a “backdoor” via UCPD.sys: blocking Tencent, 360 apps but letting foreign rivals pass, logging Chinese IPs in detail, and enabling remote code execution. EU forced openness under DMA; in China it raises privacy & security alarm.
English
@Eightian Didn’t write about this on my blog since it’s a sensitive topic. But yeah, Microsoft completely blacklisted some Chinese publishers and keeps a closer eye on them. Other vendors get blocked and tracked too - just not as directly.
English
@_kolbicz Any comment.
x.com/techtechchina/…
Tech Tech China@techtechchina
Chinese researchers allege #Microsoft’s Windows hides a “backdoor” via UCPD.sys: blocking Tencent, 360 apps but letting foreign rivals pass, logging Chinese IPs in detail, and enabling remote code execution. EU forced openness under DMA; in China it raises privacy & security alarm.
English
KB5064081 updates UCPD.sys to v4.4 with four new features and shifts several older ones into the base protection layer. More details coming soon.
English
Microsoft is now enabling almost all the new features I covered in my blog on Windows 11 Pro. My test VM has most of them activated already - interestingly, file rename protection isn’t active yet.
Christoph Kolbicz@_kolbicz
New blog post: UCPD.sys – UserChoice Protection Driver Part 2: kolbi.cz/blog/2025/07/1…
English
New blog post: UCPD.sys – UserChoice Protection Driver Part 2: kolbi.cz/blog/2025/07/1…
English
UCPD.sys v4.3 is now rolling out on Windows 11. It brings 6 new protection features (currently inactive) - including one that blocks the file renaming attack 😬
English
Looks like Microsoft is rolling out the new hash protection more broadly - even my test VM just got migrated to UserChoiceLatest. Time to update @SetUserFTA, I guess 😬
English