Bruce Dang (@brucedang) 's Twitter Profile
Bruce Dang

@brucedang

Chief Gardener at Veramine. Previously at Microsoft. Author of Practical Reverse Engineering.

ID: 183349800

https://www.veramine.com · 26-08-2010 19:55:26

388 Tweets

4.4K Followers

1.1K Following

Bruce Dang (@brucedang) 's Twitter Profile Photo

I am offering a public session of my Windows Kernel Rootkits class in January 2019 in Laurel, Maryland (JHU-APL campus). Last year we analyzed and implemented some of Equation Group's kernel implants; maybe we will do another group this year. More info at gracefulbits.regfox.com/windows-kernel…

Gwaby (@pwissenlit) 's Twitter Profile Photo

tbh, I didn't want to publish it, but since someone is pushing me out of my comfort zone (meh! :P), you will probably have some news from me in the following days. :-^ Meanwhile, Thaís (@[email protected]) and I wrote a massive "thank you" post for Bruce Dang here: blackhoodie.re/Recon_mtl/

Brandon Falk (@gamozolabs) 's Twitter Profile Photo

I've now open sourced my latest hypervisor written in C. github.com/gamozolabs/fal… . See it in action youtube.com/watch?v=AqFMSI… ! This is what I demoed to Bruce Dang way back at Recon 2016 and he thought it was pretty cool, so it must be.

Daax (@daaximus) 's Twitter Profile Photo

Day 2 took a little longer than expected. I hope you enjoy the article. Thanks for sticking with me. revers.engineering/day-2-entering…

Petr Beneš (@petrbenes) 's Twitter Profile Photo

My new blogpost: WoW64 internals - from the kernel initialization, through turbo thunks, "WoW64 functions", xtajit, CHPE, ... all the way to "Heaven's Gate" on ARM. wbenny.github.io/2018/11/04/wow…

Ophir Harpaz 🎗️ (@ophirharpaz) 's Twitter Profile Photo

There are many reasons to read Windows Internals end-to-end, but the most exciting one is attending Bruce Dang's Windows Kernel Rootkits training in offensivecon, one month from today. And I even get to be in the con with Dana Baril 😍 Thank you Blackhoodie so much!

Bruce Dang (@brucedang) 's Twitter Profile Photo

Motivated by a question from a friend and his coworker, I wrote a blog about HyperV and exit dispatching. See gracefulbits.com/2019/03/25/som… cc Saar Amar Arthur "Gerhart" Khudyaev Dmytro Oleksiuk 💥 [email protected] Also, Satoshi Tanda and I are offering a course on hypervisor development! See gracefulbits.regfox.com/designing-and-…

Quanta Magazine (@quantamagazine) 's Twitter Profile Photo

“It’s always very surprising and interesting to find these examples that push the limits of our current conception of how information is encoded.” — Harris Wang, systems biologist at Columbia University. quantamagazine.org/new-clues-abou…

Satoshi Tanda (@standa_t) 's Twitter Profile Photo

If you are interested in developing hypervisors as UEFI modules, MiniVisor is for you: github.com/tandasat/MiniV… Also Bruce Dang and I are offering a 5-day class on the development of hypervisor, including UEFI version, in October. See details at gracefulbits.regfox.com/hypervisor-dev…

Satoshi Tanda (@standa_t) 's Twitter Profile Photo

I wrote up what I learned to design and develop the type-1 (UEFI-based) hypervisor. This should be helpful to explore MiniVisor's and other type-1 hypervisor's code base, especially for those who know about blue-pill style hypervisors but not type-1. standa-note.blogspot.com/2020/03/introd…

Satoshi Tanda (@standa_t) 's Twitter Profile Photo

What is INIT-SIPI-SIPI? Is this some kind of voodoo magic? No, of course not. Wrote up how it is issued on Windows. standa-note.blogspot.com/2020/03/initia…

Satoshi Tanda (@standa_t) 's Twitter Profile Photo

Announcement: the details and registration of our hypervisor development class for the public is finally open! Check out the details at tandasat.github.io/Hypervisor_Dev… The last private class was a big success, and this time will be even better🔥

Satoshi Tanda (@standa_t) 's Twitter Profile Photo

We just finished my hypervisor development class. Thanks to everyone's passionate and active participation, we had a lot of additional discussions and experiments on top of the planned topics. It was fun!

Satoshi Tanda (@standa_t) 's Twitter Profile Photo

I am offering an in-person class for hypervisor development at REcon! We will also discuss taking and reverting to snapshots for fast full-system fuzzing, as well as stealth hooking and hardware debuggers for lower footprint reverse engineering recon.cx/2022/trainingh…

Ajax (@commial) 's Twitter Profile Photo

Made a PoC binding over TTD traces and a few examples of use, such as trace diffing (i.e. finding where traces' path differs) or call tree extraction (with symbol, ret value, etc.): github.com/commial/ttd-bi…

Satoshi Tanda (@standa_t) 's Twitter Profile Photo

About 2 years ago, Bruce Dang and I had to spend a lot of time researching how to set up DCI (i.e., HW debugger) for our class. Now we have inexpensive, off-the-shelf boards and software with webinars and guides for it. Amazing contributions to researchers by Alan Sguigna's team