Last year, Apple shared a high-level overview of "Memory safe iBoot implementation". I thought it would be nice to reverse and write about it, hope you will find it interesting :) saaramar.github.io/iBoot_firebloo…

We're super excited to announce the release of snmalloc 0.6.0 with a load of new security features that no other allocators have. We have a small write up of the features: github.com/microsoft/snma… 🧵(1/5)

Second part of the iBoot Firebloom blogpost series is up! This time, reversing the functionalities around the type pointer :) Hope you'll find this interesting! saaramar.github.io/iBoot_firebloo…

Second part of Saar Amar ‘s great work RE’ing iBoot Firebloom

I'm looking for talented software engineers for multiple positions in the Windows Kernel team to create the best platform for Azure, Xbox, HoloLens and Desktop. linkedin.com/feed/update/ur…

One of my favorite people to work with. Big recommendation from me if you’re interested in working with amazing kernel engineers.

What is the true impact of a blind arbitrary kernel pointer read primitive? DoS, second order info leak, or is something more possible (EoP / RCE)? I'll be discussing this at 44Con next month, come and join us! 🙂

I was super excited to talk to 44CON today, thanks for having me! If you spot me and want to talk about kernel exploits, come and say hello! If you missed the talk, check out the MSRC blog post I did: msrc-blog.microsoft.com/2022/03/22/exp… 🙂

Speaking of Function Overrides... here is the video of my presentation: recon.cx/media-archive/…. Thanks REcon and Hugo Fortier !

Time for a new blogpost! Let's do a CHERIoT walkthrough - including a straightforward setup, understanding how we kill bug classes and mitigating attacks on our minimal TCB through practical examples, and more fun! msrc.microsoft.com/blog/2023/02/f…

Yesterday's Patch Tuesday saw the release of 10 CVEs I found in DNS! These could potentially allow an authenticated attacker to gain remote code execution. A huge thank you to the DNS team who worked through and fixed these. msrc.microsoft.com/update-guide/v…

Why is the best defense good offense? like..why is the best defense not the best offense, how does a superlative in one domain equate to merely “good” in another… #RandomThoughtsThursday

We have our Microsoft STRIKE Capture the Flag winners! Drumroll, please!🥁 Congrats to the top 3 teams: 🥇JasonsJsons 🥈Capture the Food 🥉0xCAFEBABE #MSFTSTRIKE

MSRC Vulnerability and Mitigation (V&M) team is expanding into exciting challenges of Open-Source vulnerability response and research. This is an opportunity for you to redefine how Microsoft respond and research in this space. Interested? Apply @ jobs.careers.microsoft.com/us/en/job/1611…

MSRC V&M is expanding and is looking for a leader who can guide team of hackers in tackling challenging problems in the areas of Open Source, Supply Chain and Hardware security. If you have the skills and passion for vulnerability management. Apply Now @ jobs.careers.microsoft.com/global/en/job/…

To help protect against NTLM relay attacks, we’ve enabled Extended Protection for Authentication (EPA) by default in Windows Server 2025. This update strengthens key services like Exchange Server, Active Directory Certificate Services (AD CS), and LDAP, making identity compromise

This week's Patch Tuesday included 8 CVEs that Rohit Mothe and I found! We've been focusing on findings ways to bypass MapUrlToZone and found several very interesting ways to confuse it. This is an API we've seen a lot of interest in lately, so good to have it locked down!

Looking to hire 2 experienced Security Researchers in the US for the Exploits Research Team within the Microsoft Security Response Center (MSRC) Senior Security Researcher jobs.careers.microsoft.com/global/en/shar… Security Researcher II jobs.careers.microsoft.com/global/en/shar…

Super excited Rohit Mothe and I will be speaking tomorrow about some of the bugs we found in MapUrlToZone DEF CON!

At DEF CON 33, George Hughey (George Hughey) and Rohit Mothe (Rohit Mothe), Senior Security Research Managers at MSRC, took us back to the 90s with their talk on the ghost of Internet Explorer in Windows: MapUrlToZone. They uncovered how this legacy API, used by Outlook, Office,