eversinc33 🤍🔪⋆｡˚ ⋆ (@eversinc33)'s Twitter Profile
eversinc33 🤍🔪⋆｡˚ ⋆

@eversinc33

computers be computin

ID: 1486678085239988224

Website: https://eversinc33.com | Joined: 27-01-2022 12:31:01

705 Tweets

4.4K Followers

978 Following

eversinc33 🤍🔪⋆｡˚ ⋆ (@eversinc33)

If I had a penny for each time I get ducked by Nt/ZwAllocateVirtualMemory writing the rounded up page size into the RegionSize variable, which I then use later thinking it still had the original value, I could probably buy myself a copy of Windows Internals 🤮
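The gotcha in the tweet above, as an added example (not the author's code): NtAllocateVirtualMemory (and its Zw alias) treats RegionSize as an in/out parameter and writes back the size rounded up to whole pages, so any later code that reuses that variable as "the length I asked for" is working with the wrong number. On Windows the block resolves the real call from ntdll.dll; on other platforms a small mock with the same in/out contract stands in so the pattern still compiles and runs. The 0x1000 page size, the helper names and the 0x10-byte payload are assumptions made for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <stddef.h>

/* Assumed page size for the rounding helper and the mock (x86/x64 Windows
 * also uses 0x1000). */
#define ASSUMED_PAGE_SIZE ((size_t)0x1000)

/* Round a byte count up to a whole number of pages, which is what the
 * memory manager does to RegionSize before writing it back to the caller. */
static size_t round_up_to_page(size_t n)
{
    return (n + ASSUMED_PAGE_SIZE - 1) & ~(ASSUMED_PAGE_SIZE - 1);
}

#ifdef _WIN32
#include <windows.h>
typedef LONG (NTAPI *NtAllocateVirtualMemory_t)(HANDLE, PVOID *, ULONG_PTR,
                                                PSIZE_T, ULONG, ULONG);
typedef LONG (NTAPI *NtFreeVirtualMemory_t)(HANDLE, PVOID *, PSIZE_T, ULONG);

/* Thin wrapper over the real ntdll export. *region_size is in/out. */
static int alloc_region(void **base, size_t *region_size)
{
    NtAllocateVirtualMemory_t fn = (NtAllocateVirtualMemory_t)
        GetProcAddress(GetModuleHandleA("ntdll.dll"), "NtAllocateVirtualMemory");
    if (fn == NULL) return -1;
    LONG status = fn(GetCurrentProcess(), base, 0, (PSIZE_T)region_size,
                     MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
    return status < 0 ? -1 : 0;   /* NT_SUCCESS: status >= 0 */
}

static void free_region(void **base)
{
    NtFreeVirtualMemory_t fn = (NtFreeVirtualMemory_t)
        GetProcAddress(GetModuleHandleA("ntdll.dll"), "NtFreeVirtualMemory");
    SIZE_T zero = 0;   /* MEM_RELEASE requires RegionSize == 0 */
    if (fn != NULL) fn(GetCurrentProcess(), base, &zero, MEM_RELEASE);
}
#else
/* Mock (assumption) reproducing the in/out rounding for non-Windows builds. */
static int alloc_region(void **base, size_t *region_size)
{
    size_t rounded = round_up_to_page(*region_size);
    void *p = calloc(1, rounded);
    if (p == NULL) return -1;
    *base = p;
    *region_size = rounded;   /* the write-back that overwrites the caller's value */
    return 0;
}

static void free_region(void **base)
{
    free(*base);
    *base = NULL;
}
#endif

/* The bug: the caller asks for payload_len bytes and later reads the length
 * back out of region_size, which now holds the page-rounded size. A memcpy
 * of that many bytes from a payload_len-byte source over-reads the source.
 * Returns the length the buggy code would use. */
size_t buggy_copy_length(size_t payload_len)
{
    void *base = NULL;
    size_t region_size = payload_len;        /* in: what we asked for */
    if (alloc_region(&base, &region_size) != 0) return 0;
    size_t used = region_size;               /* out: already rounded up */
    free_region(&base);
    return used;
}

/* The fix: keep the requested length in its own variable and never reuse
 * the RegionSize argument as the payload length. */
size_t correct_copy_length(size_t payload_len)
{
    void *base = NULL;
    size_t region_size = payload_len;
    if (alloc_region(&base, &region_size) != 0) return 0;
    size_t used = payload_len;               /* original value, untouched */
    free_region(&base);
    return used;
}

int main(void)
{
    size_t payload_len = 0x10;   /* constructed sample request */
    printf("requested            0x%zx bytes\n", payload_len);
    printf("buggy code later uses 0x%zx bytes\n", buggy_copy_length(payload_len));
    printf("fixed code later uses 0x%zx bytes\n", correct_copy_length(payload_len));
    return 0;
}
```

The same in/out write-back applies to NtProtectVirtualMemory and NtFreeVirtualMemory, so the habit of copying the requested size into a throwaway variable before the call pays off across all three.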

William R. Messmer (@wmessmer)

If you update WinDbg today (1.2504.15001.0), you might notice another icon in the View tab of the ribbon, one called "Parallel Stacks". While incredibly useful in its own right, this isn't just a parallel stacks view. It's the introduction of graph visualization for extensions!

๐™ ๐™€ ๐™‡ ๐™„ ๐™“ ๐™ˆ (@felixm_pw) 's Twitter Profile Photo

With some guidance from DebugPrivilege I've found a way to easily dump clear text implants even while they sleep. Bad day for sleep obfuscation 💤 blog.felixm.pw/rude_awakening…

eversinc33 🤍🔪⋆｡˚ ⋆ (@eversinc33)

Sunday project: Running a virtual machine in an OpenCL kernel/shader to execute arbitrary code on the GPU. API calls and host memory R/W still have to trap into the CPU of course, but a fun exercise in GPU malware :3

Ido Veltzman (@idov31)

I'm happy to finally release NovaHypervisor! NovaHypervisor is a defensive hypervisor with the goal of protecting AV/EDR vendors and crucial kernel structures that are currently uncovered by VBS and PatchGuard. Full explanation below 1/6. github.com/Idov31/NovaHyp…

eversinc33 🤍🔪⋆｡˚ ⋆ (@eversinc33)

When the CTF challenge is hosted in Korea and has a 5 second time limit for the solution, so you have to rent a VPS in Japan to avoid the network bottleneck

eversinc33 🤍🔪⋆｡˚ ⋆ (@eversinc33)

I was too lazy for disclosure, which is why I posted about it instead. There's probably like a few hundred practically free CVEs for privesc for whoever wants to claim them in there :3

eversinc33 🤍🔪⋆｡˚ ⋆ (@eversinc33)

As a little follow up, I wrote a small blog post/tutorial on how to reverse engineer Windows drivers with IDA - this is aimed at people who never touched drivers before and covers IOCTL codes, IRPs and some IDA shenanigans with unions. eversinc33.com/posts/driver-r… Enjoy :3

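The tweet above mentions IOCTL codes as one of the things to untangle when reversing a driver. As an added example (not code from the linked post), the block below packs and unpacks a control code using the field layout of the SDK's CTL_CODE macro: DeviceType in bits 31..16, RequiredAccess in bits 15..14, Function in bits 13..2 and the transfer method in bits 1..0. Two of the sample codes are documented system IOCTLs (IOCTL_DISK_GET_DRIVE_GEOMETRY = 0x70000, IOCTL_STORAGE_QUERY_PROPERTY = 0x2D1400); the third, 0x22E004, is a constructed value of the kind a third-party driver's dispatch switch tends to contain, and the helper names are this example's own.

```c
#include <stdio.h>
#include <stdint.h>
#include <string.h>

/* Values from the CTL_CODE definition in the Windows SDK headers. */
enum { METHOD_BUFFERED = 0, METHOD_IN_DIRECT = 1, METHOD_OUT_DIRECT = 2, METHOD_NEITHER = 3 };
enum { FILE_ANY_ACCESS = 0, FILE_READ_ACCESS = 1, FILE_WRITE_ACCESS = 2 };

struct ioctl_fields {
    uint32_t device_type;   /* bits 31..16, e.g. 0x22 = FILE_DEVICE_UNKNOWN */
    uint32_t access;        /* bits 15..14, FILE_READ_ACCESS | FILE_WRITE_ACCESS */
    uint32_t function;      /* bits 13..2, 0x800 and above are vendor-defined */
    uint32_t method;        /* bits 1..0, how the I/O manager maps the buffers */
};

/* Same arithmetic as CTL_CODE(DeviceType, Function, Method, Access). */
uint32_t ctl_code(uint32_t device_type, uint32_t function, uint32_t method, uint32_t access)
{
    return (device_type << 16) | ((access & 0x3) << 14) |
           ((function & 0xFFF) << 2) | (method & 0x3);
}

/* Split a control code pulled from a dispatch routine back into its fields. */
struct ioctl_fields decode_ioctl(uint32_t code)
{
    struct ioctl_fields f;
    f.device_type = code >> 16;
    f.access      = (code >> 14) & 0x3;
    f.function    = (code >> 2) & 0xFFF;
    f.method      = code & 0x3;
    return f;
}

const char *method_name(uint32_t method)
{
    static const char *names[] = { "METHOD_BUFFERED", "METHOD_IN_DIRECT",
                                   "METHOD_OUT_DIRECT", "METHOD_NEITHER" };
    return names[method & 0x3];
}

const char *access_name(uint32_t access)
{
    static const char *names[] = { "FILE_ANY_ACCESS", "FILE_READ_ACCESS",
                                   "FILE_WRITE_ACCESS", "FILE_READ_ACCESS|FILE_WRITE_ACCESS" };
    return names[access & 0x3];
}

/* Vendor-defined function numbers (>= 0x800) mark the driver's own IOCTLs,
 * which is where a reverser starts looking for custom input handling. */
int is_vendor_function(uint32_t code)
{
    return decode_ioctl(code).function >= 0x800;
}

int main(void)
{
    /* Constructed sample list: two documented system codes plus one made-up
     * vendor code with METHOD_BUFFERED and read/write access. */
    const uint32_t codes[] = { 0x00070000u, 0x002D1400u, 0x0022E004u };
    for (size_t i = 0; i < sizeof codes / sizeof codes[0]; i++) {
        struct ioctl_fields f = decode_ioctl(codes[i]);
        printf("0x%08X: device 0x%X function 0x%03X %s %s%s\n",
               codes[i], f.device_type, f.function, method_name(f.method),
               access_name(f.access), is_vendor_function(codes[i]) ? " [vendor]" : "");
    }
    return 0;
}
```

METHOD_NEITHER codes deserve a second look during review: the driver receives raw user pointers and is responsible for probing and copying them itself, which is where the classic privesc bugs in third-party drivers live.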