Super happy and excited to share our security analysis of CHERI ISA, written by Nicolas Joly, 0x5A1F and myself. We'll be more than happy to get your feedback! :) github.com/microsoft/MSRC…

#ConfidentialComputing Protecting Applications and Data In Use November 10th, 2020, Tuesday, 8:30 AM PST / 3:30 PM GMT Register for the webinar here: confidentialcomputing.io/webinar/

We are hiring a Principal Product Manager. If you have a growth mindset, worked in cloud infrastructure, love virtualization and hardware, understand cloud security, and solving at-scale customer opportunities please DM me. #confidentialcomputing careers.microsoft.com/us/en/job/9530…

Every year I try to do a little project for the end of the year to unwind and have fun 🎉 This year I made a Windows virtual address space explorer called 🔮 Clairvoyance; check it out! github.com/0vercl0k/clair…

I've published a blog post on improving the Windows AMD64 memset implementation: msrc-blog.microsoft.com/2021/01/11/bui… cc Travis Downs

We're sharing additional details related to the attacks by the threat actor that Microsoft tracks as ZINC targeting security researchers. Read our analysis, and get IoCs, detection and hunting information, and recommended actions and preventive measures: msft.it/6013pQAmT

Insightful talk by Guy Winch on how work stress often doesn't happen at work but when we ruminate about work after hours. Seeing this so much more in myself and others in security as we all work where we live. Working on this. ted.com/talks/guy_winc…

MSRC is hiring an engineering manager. Great opportunity to help manage a great team! careers.microsoft.com/us/en/job/1019…

New blog on the background and methodology of some research I did into escaping Windows Server containers, why the bugs were eventually fixed, and why you still shouldn't use them :-) googleprojectzero.blogspot.com/2021/04/who-co…

A few months ago Cellebrite announced that they would begin parsing data from Signal in their extraction tools. It seems they're not doing that very carefully. Exploiting vulnerabilities in Cellebrite's software, from an app's perspective: signal.org/blog/cellebrit…

Everybody loves QEMU, but it sometimes feels like black magic. Check out this series of blog posts by Stéphane for a practical deep dive in QEMU internals: adding a device, interrupts, timers, PCI, etc. github.com/airbus-seclab/…

Seeking next career challenge? Here is an opportunity to work with best of security minds. careers.microsoft.com/us/en/job/1043…

Arm CCA will put #confidentialcomputing in the hands of every developer #azure arm.com/company/news/2…

Join us for #MicrosoftIgnite next week to learn about #Azure #confidentialcomputing news and announcements myignite.microsoft.com

Here is the blogpost on the work we did to randomize the SharedUserData structure in Windows! :) msrc-blog.microsoft.com/2022/03/30/ran…

In 2018 we had a summer intern who stumbled across a trove of macOS kernel vulnerabilities known as Intel Graphics. Here's how we exploited just one out of these dozens of issues to escape the Apple Safari sandbox at Pwn2Own 2021: blog.ret2.io/2022/06/29/pwn…

Are you interested in cloud #security? OC3 is the premier event for #confidentialcomputing. There will be 25+ speakers from industry-leading companies and an exciting CTO panel with Greg Lavender @markrussinovich, Mark Papermaster, and Ian Buck. Sign up: oc3.dev⬅️

Chris Beck from MobileCoin will showcase MobileCoin Fog at #OC3. oc3.dev/registration

Tune in tomorrow at OC3 to listen to Swamy S Nagaraju (Swamy Shivaganga Nagaraju) and Christopher Orsini's talk "Customer managed and controlled Trusted Computing Base (TCB) with CVMs on Azure". They will present one of the latest Azure deployment options oc3.dev/registration