Smart App Control Internals (Part 2): SAC in action :) n4r1b.com/posts/2022/09/…

techcommunity.microsoft.com/t5/security-co… Azure Signing Svc announced a preview. Goal for service is to make code signing apps simpler, cost effective, and integrated into dev workflow. With signing becomes more important for supply chain and features like Smart App Control this service helps

My new blog: Windows 11 2022 and new security features - this is the most secure version of Windows we have ever produced. Proud of the work the entire team has done, Let's gooooo microsoft.com/security/blog/…

Read about kernel sanitizers, powerful detection features that can uncover bugs in kernel-mode components, and how they enable Microsoft engineering teams to identify and fix vulnerabilities earlier in the software development cycle: msft.it/6014eCpbq

Pleased to announce that the materials of Hypervisor 101 in Rust🦀is now public! A one-day long course taught at #gccsec, to quickly learn hardware-assisted virtualization technology and its application for high-performance fuzzing on Intel/AMD processors github.com/tandasat/Hyper…

#ESETResearch analyze first in-the-wild UEFI bootkit bypassing UEFI Secure Boot even on fully updated Windows 11 systems. Its functionality indicates it is the #BlackLotus UEFI bootkit, for sale on hacking forums since at least Oct 6, 2022. Martin Smolar welivesecurity.com/2023/03/01/bla… 1/11

Windows is putting Rust in the kernel 🤯 learn more at my BlueHat IL talk.

The Intersection of Apple’s USB Lower Filter and iPhone-WPD Integration. Fun fact: ChatGPT helped me write most of this post.🤖📝 n4r1b.com/posts/2023/03/…

(1/n) WinDbg finally released outside the store, and no more "Preview"! Ecstatic to see my old team hit this milestone! It's come so far since Andy Luhrs and I started the "WinDbgNext" project so many years ago. learn.microsoft.com/en-us/windows-…

Geoff Chappell passed away today on his own terms, surrounded by family and while his good humor remained intact. Please listen to a Beatles record and read a little assembly code in his honor.

Absolutely tragic news. Geoff Chappell, the reverse engineer and author, has passed away today. His work was incredible. Our deepest condolences to Geoff's family, friends, and colleagues. Check out Mr. Chappell's work. It's amazing: geoffchappell.com

A collection of Windows Driver utilities for Rust 🦀. Still very alpha but I'll keep working on it actively so feel free to open requests or issues!! :) github.com/n4r1b/win-drvu…

Be prepared to lose your kernel pointers! Windows will soon start restricting KASLR leaks to non-admins: windows-internals.com/kaslr-leaks-re… (mentioned this here before but figured it's worth a blog post)

Write up of the HVCI bypass vuln (CVE-2024-21305) with Andrea Allievi ! tandasat.github.io/blog/2024/01/1…

Intel Hardware Shield deep dive: part 1 is user-mode System Management Mode (ISRD). tandasat.github.io/blog/2024/02/2… ISRD is beautifully architected, and I have enjoyed studying it a lot. Excellent work by Intel.

I have been making progress in adding hypervisor learning resources in Rust for my upcoming classes. ✅Supports both AMD and Intel with single code ✅Compiles into UEFI and Windows drivers ✅Uses stable Rust ✅Runs on Bochs and VMware with one shortcut key

Excited to share my latest article: PgC - a novel approach to disable Patchguard during runtime using basic memory management principles. It has worked against every version of Patchguard for the last 7 years, without needing any updates! blog.can.ac/2024/06/28/pgc…

This strange tweet got >25k retweets. The author sounds confident, and he uses lots of hex and jargon. There are red flags though... like what's up with the DEI stuff, and who says "stack trace dump"? Let's take a closer look... 🧵1/n