Thrilled to share that my research has been accepted to BOTH Black Hat USA and DEF CON 32! I’ll present my research “Windows Downdate: Downgrade Attacks Using Windows Updates” Abstract is still under embargo, but I promise its worth the wait. Stay tuned! #BHUSA #DEFCON32

Procmon

Just hit the 5-hour work mark and explorer.exe hasn’t crashed even once. Wondering if I should report this bug to MSRC

Super excited that my research on Windows downgrade attacks has been nominated for the most epic achievement pwnie award!

🚨New! "PKFail: Untrusted Platform Keys Undermine Secure Boot on UEFI Ecosystem." #PKfail is a supply-chain issue affecting x86/ARM devices around the globe. Blog: binarly.io/blog/pkfail-un… Full report: …222483.fs1.hubspotusercontent-na1.net/hubfs/22222483… A free scanning tool: pk.fail

I’m thrilled to share my latest blog post! This one focuses on the bug hunting process: inspiration, approach, and execution. I also provide a retrospective on how the bug was introduced and analyze the insufficient “patch”. Check it out: securityintelligence.com/x-force/little…

Reminder: tomorrow at Black Hat 10:20 AM in Oceanside A - I will be sharing my journey of researching downgrade attacks on Windows and their severe implications on Windows’s platform security. Join my talk “Windows Downdate: Downgrade Attacks Using Windows Updates” #BHUSA

Proud to have been nominated for the most epic achievement Pwnie Awards, congrats to the winner Andres Freund (Tech) for finding the XZ backdoor, truly an epic achievement! If you want to hear more about my research, join my talk tomorrow at DEF CON 10 am LVCC-L1-HW1-11-03 (Track 3)

Just had our DEF CON talk and we are thrilled to publish QuickShell - tools for researching Google's Quick Share including a sniffer, a fuzzer, tools that exploit the 10 vulnerabilities Shmuel Cohen and I found, and the RCE attack we chained them into github.com/SafeBreach-Lab…

For those of you interested in getting started with UEFI vuln research and exploitation, check out the Damn Vulnerable UEFI project on GitHub github.com/hacking-suppor… By Stan Lyakhov and myself. Contributions are welcome!

Had the best time presenting Windows Downdate at Black Hat USA and DEF CON 32, thank you all for joining. Windows Downdate is now live! Blog - safebreach.com/blog/downgrade… GitHub repo - github.com/SafeBreach-Lab… #BHUSA #DEFCON32

v-v.space/2024/08/19/CVE… Check my blog about Windows secure channel RCE analysis, though MSRC thought it's a DOS. By the way, I'm not the finder. Share for studying

If you're into researching Google's Quick Share, don't forget to check out QuickShell! It implements the RCE chain we found and tools allowing to sniff, receive and send the protocol's packets, fuzz the protocol, exploit vulnerabilities we found and more! github.com/SafeBreach-Lab…

We've updated our blog on abusing file deletes to escalate privileges. We've also released PoC to demonstrate this. The exploit offers a high degree of reliability and eliminates all race conditions. It has been tested on the latest Windows 11 Enterprise. zerodayinitiative.com/blog/2022/3/16…

Big changes to one of the most targeted attack surface in Windows - techcommunity.microsoft.com/t5/security-co…