Disable Citrix Autorun on MacOS

(Just for my references)

Environment:

1.     MacBook Pro 2019 Intel

2.     MacOS: Ventura 13.0

3.     Citrix Workspace: version 22.10.0.44(2210)

 

Symptoms

Citrix Workspace always automatically run and pop up the login window during every reboot. And there is no option on the GUI to disable it.

 

This is ridiculous because user won’t use it all the time.

 

Solution

1.     Go to folder /Library/LaunchAgents: cd /Library/LaunchAgents

2.     List the Citrix plist files: ls -l com.citrix.*

3.     To be on the safe side, copy these plist files to a backup location: cp ./com.citrix.* ~/Downloads/citrix_backup

 

4.     Delete 1 file: sudo rm -f com.citrix.ReceiverHelper.plist

5.     Edit com.citrix.safariadapter.plist : sudo vi com.citrix.safariadapter.plist

6.     Find the value “RunAtLoad”, change it to “false”

7.     Reboot and the pop up window should be gone.

Simple way to hide files in Windows

Test Environment

1.     Windows 11 Pro 21H2

 

Here will discuss 3 topics:

1.     Create a hidden text file

2.     Create an embedded hidden executable file

3.      Run the hidden executable file

 

Create a hidden text file

Below command create a normal text file

C:\temp>echo This is Normal Text. > normal.txt

 

C:\temp>type normal.txt

This is Normal Text.

 

 Below command create hidden text using stream

C:\temp>echo This is hidden text. > normal.txt:hidden.txt

 

C:\temp>type normal.txt

This is Normal Text.

 

Type command cannot show the hidden text

C:\temp>type normal.txt:hidden.txt

The filename, directory name, or volume label syntax is incorrect.

 

Dir command won’t show the hidden file

C:\temp>dir

 Volume in drive C has no label.

 Volume Serial Number is 64AD-2FC5

 

 Directory of C:\temp

 

10/18/2022  02:14 PM    <DIR>          .

10/18/2022  02:14 PM                23 normal.txt

               1 File(s)             23 bytes

               1 Dir(s)  56,873,701,376 bytes free

 

Use “dir /R” to show the hidden file

/R          Display alternate data streams of the file.

C:\temp>dir /R

 Volume in drive C has no label.

 Volume Serial Number is 64AD-2FC5

 

 Directory of C:\temp

 

10/18/2022  02:14 PM    <DIR>          .

10/18/2022  02:14 PM                23 normal.txt

                                                      23 normal.txt:hidden.txt:$DATA

               1 File(s)             23 bytes

               1 Dir(s)  56,873,701,376 bytes free

 

 

Use notepad to show the hidden text

C:\temp>notepad normal.txt:hidden.txt

 

 

Delete the normal.txt will delete the hidden file

C:\temp>dir /R

 Volume in drive C has no label.

 Volume Serial Number is 64AD-2FC5

 

 Directory of C:\temp

 

10/18/2022  02:14 PM    <DIR>          .

10/18/2022  02:14 PM                23 normal.txt

                                    23 normal.txt:hidden.txt:$DATA

               1 File(s)             23 bytes

               1 Dir(s)  56,873,533,440 bytes free

 

C:\temp>del normal.txt

 

C:\temp>dir /R

 Volume in drive C has no label.

 Volume Serial Number is 64AD-2FC5

 

 Directory of C:\temp

 

10/18/2022  02:17 PM    <DIR>          .

               0 File(s)              0 bytes

               1 Dir(s)  56,873,533,440 bytes free

 

 

Hide Calculator

Create a normal text fle

C:\temp>echo This is Normal Text. > normal.txt

 

Find the location of the Calculator app

C:\temp>where calc.exe

C:\Windows\System32\calc.exe

 Hide the Calculator App into the normal text file

C:\temp>type C:\Windows\System32\calc.exe > normal.txt:calc.exe

 

“dir” comman won’t show the embedded file

C:\temp>dir

 Volume in drive C has no label.

 Volume Serial Number is 64AD-2FC5

 

 Directory of C:\temp

 

10/18/2022  02:21 PM    <DIR>          .

10/18/2022  02:23 PM                23 normal.txt

               1 File(s)             23 bytes

               1 Dir(s)  56,876,064,768 bytes free

 

Use “dir /R” to show the file

C:\temp>dir /R

 Volume in drive C has no label.

 Volume Serial Number is 64AD-2FC5

 

 Directory of C:\temp

 

10/18/2022  02:21 PM    <DIR>          .

10/18/2022  02:23 PM                23 normal.txt

                                                     27,648 normal.txt:calc.exe:$DATA

               1 File(s)             23 bytes

               1 Dir(s)  56,877,633,536 bytes free

Run the embedded Calculator App

For old windows like XP, win 7, use “start” command.

C:\temp>start normal.txt:calc.exe

In Windows 10 and 11, using “start” command will pop up the “Look for app” window

 

The correct command to run the embedded file is “forfiles”

C:\temp>forfiles /P c:\Windows\System32 /m notepad.exe /c "c:\temp\normal.txt:calc.exe"

Two Free Temporary Virtual Machine

 Scenario

Sometimes you want to use a computer that is outside of your network to test firewall rule, or you might just want to run some tests.

For example, if you are in a school, you want to play browser games, you can use these Virtual Machines to bypass the firewall restriction.

Microsoft Learn provide some temporary virtual machines in their labs. The purpose of these virtual machines was used to practice the lab exercises, but you can use for others.

Requirement:

1.  A Microsoft free account: @outlook.com, @live.com, @hotmail.com etc.
2. Edge or Chrome Browser.
3. https://github.com/kmille36/Windows-11-VPS

First Virtual Machine

1. Open Microsoft Edge Browser, login with your Microsoft free account.
2.  Open Url: https://learn.microsoft.com/en-us/training/modules/implement-common-integration-features-finance-ops/10-exercise-1 
3. (You might need to agree to an announcement)
   
   
   
4. Click “Launch VM Mode” button.
5. Wait for a few minutes, the VM will be ready to use.
6. On the right panel, click “Resources” tab, you can see the username and the password. It also shows how many hours remaining. Typically, you can use it for 2 hours.
   
7.  Enter the password and login to the machine.
8. The flash icon on the up-left screen provides some keyboard function.
   
9. You can make it full screen by click the screen icon beside the flash icon.
   
10. After you finish the testing, you can shut down the VM, click the “Instruction” tab on the right panel. Click “Done” button at the down-right of the screen. 
    

 

 

Second Virtual Machine

1.  For this VM, you will need to run some Azure Cloud Shell commands to create it. Fortunately, https://github.com/kmille36/Windows-11-VPS has some scripts to make it very simple.
2. Open Microsoft Edge Browser, login with your Microsoft free account.
3. Open Url: https://learn.microsoft.com/en-ca/training/modules/monitor-azure-vm-using-diagnostic-data/3-exercise-create-virtual-machine
4. Click on “Activate Sandbox” button. 
5. You might be asked for the permissions, just accept all the required permissions.
   
   
   
   
6. Wait for a few minutes until the Azure shell window ready.
7. Enter command: curl -skLO is.gd/azurewinvmplus ; chmod +x azurewinvmplus ; ./azurewinvmplus
   
   
   
   
8.  Follow the instruction to create the VM that suitable for you.
9. Once you see “…is READY TO USE !!!” message, you can use Remote Desktop tools to connect to this VM. The IP, username and password can be found on the screen.
   
   

    

   Use Cases:
   1. Run NMAP to scan public IPs.

   
   
   
   

    

   References:

   1.    https://docs.microsoft.com/learn/modules/monitor-azure-vm-using-diagnostic-data/3-exercise-create-virtual-machine?activate-azure-sandbox=true

   2.    https://learn.microsoft.com/en-us/training/modules/implement-common-integration-features-finance-ops/10-exercise-1

   3.    https://learn.microsoft.com/en-ca/training/modules/monitor-azure-vm-using-diagnostic-data/3-exercise-create-virtual-machine

   4.    https://github.com/kmille36/Windows-11-VPS