Connor McGarr (@33y0re)'s Twitter Profile
Connor McGarr

@33y0re

Software Engineer @preluderesearch

ID: 1160734131531243520

Link: https://connormcgarr.github.io
Joined: 12-08-2019 02:05:57

907 Tweets

9.9K Followers

90 Following

Yarden Shafir (@yarden_shafir):

Looks like BlueHat IL talks are online now, so here’s my talk for anyone who wanted to learn about the latest episode of KASLR and couldn’t make it: youtu.be/Dk2rLO2LC6I

Jonny Johnson (@jsecurity101):

It's the end of an era 🤣. I have finally put "jsecurity101" to bed on all platforms. You can find my blog and GitHub via: GitHub: github.com/jonny-jhnson Medium: jonny-johnson.medium.com

Jonny Johnson (@jsecurity101):

Have you ever wondered if there was a way to deploy a "Remote EDR"? Today I'm excited to share research I've been working on for the past couple months. This dives into DCOM Interfaces that enable remote ETW trace sessions without dropping an agent to disk. Includes a detailed

John Hammond (@_johnhammond):

Chatting with mah fwend and co-worker Jonny Johnson to learn all about Event Tracing for Windows, and some super cool projects he has been working on: a lightweight and custom "toy EDR" JonMon and ETWInspector to help with Windows telemetry research! youtu.be/BNWAxJFL6uM

David Weston (DWIZZZLE) (@dwizzzlemsft):

My new blog covering user-mode EDR/AV platform and changes to Windows (including the death of the BSoD!!) blogs.windows.com/windowsexperie…

Connor McGarr (@33y0re):

In the latest Insider Preview — “validation” routines are present before dispatching various kernel notifications (thread, image load, etc.) I assume it’s to make sure software is “playing nicely”? I’m not privy to the latest offensive tradecraft. Is this a mitigation?

Connor McGarr (@33y0re):

I don't know which update specifically, but in a recent update of 24H2 it looks like the Win32k system call table is protected by Kernel Data Protection (read-only SLAT entry)! I believe CI!g_CiOptions and msseccore's SecKdpSe PE section were the only things using it before.

Sinaei (@intel80x86):

I'm happy to announce that HyperDbg v0.14 is released! This version includes HyperEvade (beta preview), fixes Win11 24H2 compatibility issues, and adds multiple timing functions to the script engine (Special thanks to Björn Ruytenberg). Check it out: github.com/HyperDbg/Hyper… (1/3)

Connor McGarr (@33y0re):

I am excited for us to finally share our fully user-mode detection agent research preview! Intel Processor Trace, Last Branch Record, thread scheduler and PMU telemetry all from user-mode, using the latest Windows features!

Connor McGarr (@33y0re):

I am over the moon to have spoken at Black Hat USA for my first time, about KCFG and KCET on Windows. It has been a goal of mine to always speak here and I am very pleased to have done so!
