Ever wanted to debug the secure kernel but couldn't figure out how? Me too. It's awful. But I eventually got it working and managed to do some cool stuff, so I documented my solutions here in case it helps anyone else: windows-internals.com/secure-kernel-…

Spotted at Day 1 Off-By-One Conference 2025! Did you see any cool hoodies and t-shirts here?

Shoutout to the other incredible researchers who made this quarter’s leaderboard. Your work and partnership is deeply appreciated! Dhiral Patel (4o4) b0ring Haifei Li Simon k0shl @xtytia0922 Greg Long insu nevul37 naveen Ashish Dhone Niraj Mahajan

I am excited to say my talk at Black Hat USA 2025 was accepted where I will be sharing my recent research on kernel-mode CET as well as KCFG on Windows!

v-v.space/2025/05/15/CVE… RDG RCE sharing

Our latest deep dive explores research on Windows Kernel Streaming. Check out Angelboy’s (Angelboy) write-up for key insights and analysis. Read more here: devco.re/blog/2025/05/1… #VulnerabilityResearch #Cybersecurity #WindowsKernel #OffensiveCon

This Video Can Exploit Your iPhone (CVE-2025-31200) youtu.be/nTO3TRBW00E?si…

Oh hey! That’s my bug 👀 youtu.be/3HfJj5S_tbk

Enki WhiteHat has detected activity where Kimsuky abuses GitHub as attack infrastructure. Private GitHub repositories are accessed using PATs, leading to XenoRAT deployment. See the full attack flow and the details of how Kimsuky approaches its victims: enki.co.kr/en/media-cente…

🔥🔥🔥

CODEGATE CTF 재미있었어요. pwn가 너무 어려웠어요. 저는 Chromium RCE 와 Windows LPE 두 문제만 풀었어요. SBX가 풀리지 않아서 슬퍼요. 운영 여러분 감사합니다！

Congratulations to all the researchers named to this year’s Most Valuable Researchers (MVR) list, including: VictorV Adnan Khan Dhiral Patel (4o4) sakura 0x140ce Azure k0shl Brad Schlintz zhiniang peng @haifeili Trend Zero Day Initiative nevul37 Bzzzzzzzzzz Angelboy Vaisha Bernard

My ranking changed from 26th to 22nd with 662.5 points earned over the past year. I placed 8th in the Windows category, collaborating with Hwiwon Lee on the SEC-agent team. Thanks to Microsoft Security Response Center for the update, and to ENKI WhiteHat for the support.

Windows Inter Process Communication – A Deep Dive Beyond the Surface, by Haidar Part 1 sud0ru.ghost.io/windows-inter-… Part 2 sud0ru.ghost.io/windows-inter-… Part 3 sud0ru.ghost.io/windows-inter-… Part 4 sud0ru.ghost.io/windows-inter-… Part 5 sud0ru.ghost.io/windows-inter-…

Curious how the Codegate 2025 FullChain was meant to be pwned? From RCE to SBX to LPE... the path to SYSTEM is now public. Official write-up is live! #pwn #CTF #Codegate #RCE #SBX #LPE enki.co.kr/en/media-cente…

Here are the links to the recordings of my prior two webinars: Debug of Hyper-V, Secure Kernel, VBS Enclaves, Defender, and other secrets: attendee.gotowebinar.com/recording/3590… and Advanced Threat Analysis and Reverse Engineering using AI: attendee.gotowebinar.com/recording/4436…

Whoah... $250000 (CVE-2025-4609, similar to CVE-2025-2783/412578726)[412578726][Mojo][IpczDriver]ipcz bug -> renderer duplicate browser process handle -> escape sbx is now open with PoC & exploit(success rate is nearly 70%-80%) issues.chromium.org/issues/4125787… issues.chromium.org/issues/4125787…

Here is the PoC of the exploit for cve-2025-30712 as well as some of the code for the fuzzer i created to find the bug! github.com/google/securit…

How to reach the CTF finals Other CTFs: study hard and grind to capture the flag Black Hat MEA CTF: just trade flags 🥵☠️☠️☠️

Some more of my bugs in Hyper-V are patched in this month's update. I'm able to exploit it to elevate privileges on the last 10 years of Windows. Also seems like more researchers are targetting this component now.