trying this radical productivity hack where i simply DO NOT LOOK AT TWITTER

Who else copy/pastes text into Notepad and then copy/pastes the same text back into their original app just to remove formatting?

Amazing how many problems you can solve on Windows by killing dllhost. Its almost like COM was a mistake

hehe

170 of the loldrivers.io drivers load with the most recent HVCI driver blocklist. Do with this information what you will.

The Anti-AntiAdblocker uBlock Origin filter to get rid of the annoying YouTube message. It turns off the JavaScript anti-adblock payload: go.enderman.ch/cKoci

so apparently it's possible to delete files that are in-use in Windows - nuking the entire C:\Windows folder was a bad idea😅 i wonder what happens if this runs during the windows setup🤔 Enderman

#HoloCure modding has made a lot of advances in 2023, and it's now possible to mod the official YYC versions. Most of the currently worked-on projects are listed in this Reddit thread on the official subreddit: reddit.com/r/holocure/s/S… 2024 will hopefully bring even more mods.

just updated Windows what the FUCK is this

Ever wondered how those custom loaders work? They're native user-mode applications running under SMSS — «BootExecute applications». That's the earliest stage a user-mode application can be invoked in, right before winlogon.

yooo why vgk.sys tryna query KVM clocks, I ain't even running the riot client 😭😭😭 #valorant #vanguard

Turns out if you bp nt!MiCopyFromUntrustedMemory, you prevent WinDbg from working at all

Is it me or does it look like the crowdstrike driver is loading arbitrary binary files into kernel space and executing them?? Is csagent bypassing all security of the kernel?? The faulty file is all 00s!!

Hooking context switches on 24H2 like InfinityHook did in the old days... My first writeup's coming soon 😊

ETW is an incredibly powerful tool in the wrong hands. Just finished writing about how it allows drivers to hook context switches on Windows 11 24H2 while remaining PatchGuard and HVCI compatible: archie-osu.github.io/etw/hooking/20…

Dug into Riot Vanguard's kernel driver's dispatch table hooks. The article took an unexpected turn half way through, as I found some not yet documented stuff, such as the complete list of system calls hooked by the driver. Article link: archie-osu.github.io/2025/04/11/van…

Getting code execution in a process that cannot be located using traditional kernel APIs and is untouchable from usermode? All while staying PatchGuard-friendly? Sign me up: archie-osu.github.io/2025/04/13/pow…

Microsoft put C:\inetpub junk there for a reason 🫠 CVE-2025-21204 #greatfix

TIL: If you disable DSE by modifying nt!g_CiOptions to load an unsigned kernel driver, it will be logged :)

Wintel is coming for your SMEP bypasses! No more flipping the U/S bit in a PTE to mark a user-mode page as supervisor-mode on Intel Arrow Lake CPUs :) (note: this is meant for protection against speculative attacks, with the side effect of becoming SMEP 2.0)