Thursday, November 3, 2022

Disable Citrix Autorun on MacOS

(Just for my references)


1.     MacBook Pro 2019 Intel

2.     MacOS: Ventura 13.0

3.     Citrix Workspace: version



Citrix Workspace always automatically run and pop up the login window during every reboot. And there is no option on the GUI to disable it.


This is ridiculous because user won’t use it all the time.



1.     Go to folder /Library/LaunchAgents: cd /Library/LaunchAgents

2.     List the Citrix plist files: ls -l com.citrix.*

3.     To be on the safe side, copy these plist files to a backup location: cp ./com.citrix.* ~/Downloads/citrix_backup


4.     Delete 1 file: sudo rm -f com.citrix.ReceiverHelper.plist

5.     Edit com.citrix.safariadapter.plist : sudo vi com.citrix.safariadapter.plist

6.     Find the value “RunAtLoad”, change it to “false”

7.     Reboot and the pop up window should be gone.

Wednesday, November 2, 2022

Simple way to hide files in Windows

Test Environment

1.     Windows 11 Pro 21H2


Here will discuss 3 topics:

1.     Create a hidden text file

2.     Create an embedded hidden executable file

3.      Run the hidden executable file


Create a hidden text file

Below command create a normal text file

C:\temp>echo This is Normal Text. > normal.txt


C:\temp>type normal.txt

This is Normal Text.


 Below command create hidden text using stream

C:\temp>echo This is hidden text. > normal.txt:hidden.txt


C:\temp>type normal.txt

This is Normal Text.


Type command cannot show the hidden text

C:\temp>type normal.txt:hidden.txt

The filename, directory name, or volume label syntax is incorrect.


Dir command won’t show the hidden file


 Volume in drive C has no label.

 Volume Serial Number is 64AD-2FC5


 Directory of C:\temp


10/18/2022  02:14 PM    <DIR>          .

10/18/2022  02:14 PM                23 normal.txt

               1 File(s)             23 bytes

               1 Dir(s)  56,873,701,376 bytes free


Use “dir /R” to show the hidden file

/R          Display alternate data streams of the file.

C:\temp>dir /R

 Volume in drive C has no label.

 Volume Serial Number is 64AD-2FC5


 Directory of C:\temp


10/18/2022  02:14 PM    <DIR>          .

10/18/2022  02:14 PM                23 normal.txt

                                                      23 normal.txt:hidden.txt:$DATA

               1 File(s)             23 bytes

               1 Dir(s)  56,873,701,376 bytes free



Use notepad to show the hidden text

C:\temp>notepad normal.txt:hidden.txt



Delete the normal.txt will delete the hidden file

C:\temp>dir /R

 Volume in drive C has no label.

 Volume Serial Number is 64AD-2FC5


 Directory of C:\temp


10/18/2022  02:14 PM    <DIR>          .

10/18/2022  02:14 PM                23 normal.txt

                                    23 normal.txt:hidden.txt:$DATA

               1 File(s)             23 bytes

               1 Dir(s)  56,873,533,440 bytes free


C:\temp>del normal.txt


C:\temp>dir /R

 Volume in drive C has no label.

 Volume Serial Number is 64AD-2FC5


 Directory of C:\temp


10/18/2022  02:17 PM    <DIR>          .

               0 File(s)              0 bytes

               1 Dir(s)  56,873,533,440 bytes free



Hide Calculator

Create a normal text fle

C:\temp>echo This is Normal Text. > normal.txt


Find the location of the Calculator app

C:\temp>where calc.exe


 Hide the Calculator App into the normal text file

C:\temp>type C:\Windows\System32\calc.exe > normal.txt:calc.exe


“dir” comman won’t show the embedded file


 Volume in drive C has no label.

 Volume Serial Number is 64AD-2FC5


 Directory of C:\temp


10/18/2022  02:21 PM    <DIR>          .

10/18/2022  02:23 PM                23 normal.txt

               1 File(s)             23 bytes

               1 Dir(s)  56,876,064,768 bytes free


Use “dir /R” to show the file

C:\temp>dir /R

 Volume in drive C has no label.

 Volume Serial Number is 64AD-2FC5


 Directory of C:\temp


10/18/2022  02:21 PM    <DIR>          .

10/18/2022  02:23 PM                23 normal.txt

                                                     27,648 normal.txt:calc.exe:$DATA

               1 File(s)             23 bytes

               1 Dir(s)  56,877,633,536 bytes free

Run the embedded Calculator App

For old windows like XP, win 7, use “start” command.

C:\temp>start normal.txt:calc.exe

In Windows 10 and 11, using “start” command will pop up the “Look for app” window


The correct command to run the embedded file is “forfiles”

C:\temp>forfiles /P c:\Windows\System32 /m notepad.exe /c "c:\temp\normal.txt:calc.exe"

Two Free Temporary Virtual Machine


Sometimes you want to use a computer that is outside of your network to test firewall rule, or you might just want to run some tests.

For example, if you are in a school, you want to play browser games, you can use these Virtual Machines to bypass the firewall restriction.

Microsoft Learn provide some temporary virtual machines in their labs. The purpose of these virtual machines was used to practice the lab exercises, but you can use for others.


  1.  A Microsoft free account:,, etc.
  2. Edge or Chrome Browser.

First Virtual Machine

  1. Open Microsoft Edge Browser, login with your Microsoft free account.
  2.  Open Url: 
  3. (You might need to agree to an announcement)

  4. Click “Launch VM Mode” button.
  5. Wait for a few minutes, the VM will be ready to use.
  6. On the right panel, click “Resources” tab, you can see the username and the password. It also shows how many hours remaining. Typically, you can use it for 2 hours.
  7.  Enter the password and login to the machine.
  8. The flash icon on the up-left screen provides some keyboard function.
  9. You can make it full screen by click the screen icon beside the flash icon.
  10. After you finish the testing, you can shut down the VM, click the “Instruction” tab on the right panel. Click “Done” button at the down-right of the screen. 


Second Virtual Machine

  1.  For this VM, you will need to run some Azure Cloud Shell commands to create it. Fortunately, has some scripts to make it very simple.
  2. Open Microsoft Edge Browser, login with your Microsoft free account.
  3. Open Url:
  4. Click on “Activate Sandbox” button. 
  5. You might be asked for the permissions, just accept all the required permissions.

  6. Wait for a few minutes until the Azure shell window ready.
  7. Enter command: curl -skLO ; chmod +x azurewinvmplus ; ./azurewinvmplus

  8.  Follow the instruction to create the VM that suitable for you.
  9. Once you see “…is READY TO USE !!!” message, you can use Remote Desktop tools to connect to this VM. The IP, username and password can be found on the screen.


    Use Cases:
    1. Run NMAP to scan public IPs.








Thursday, October 13, 2022

Fix UTM “File size exceeds the limit allowed” issue



1.     MacBook Pro 2021, Apple M1 Pro Silicon

2.     UTM version: 3.2.4(58)

3.     Virtual Machine: Windows 11 21H2 ARM



Tried to copy a 50M file from the shared folder to the windows virtual machine, got a popup error window:


An unexpected error is keeping you from copying the file. If you continue to receive this error, you can use the error code to search for help with this problem.


Error 0x800700DF: The file size exceeds the limit allowed and cannot be saved.





Run “regedit”, open Registry Editor.


Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WebClient\Parameters


Right click on the FileSizeLimitInBytes and click Modify


Click on Decimal


In the Value data box, type 4294967295, and then click OK. (extend the file size limit to 4G).