Join an amazing team working on core virtualization technology at Microsoft! Fully remote! linkedin.com/posts/bruceshe…

Pack arbitrary shellcode into an executable that always has the same MD5 hash: github.com/DavidBuchanan3…

community.arm.com/arm-community-… coming to ARM: shadow stacks, MTE improvements, permission indirection, 128 bit ptes, and more!

As I’ve said before, no one should be in jail just for using or possessing marijuana. Today, I’m taking steps to end our failed approach. Allow me to lay them out.

I’ll be speaking this Thursday Oct 13th at the TPM.dev mini-conference about how OpenSecurityTraining2 will help spread TPM and trusted computing knowledge to help improve architectural security. #OST2 developers.tpm.dev/events/tpmdev-…

MUST READ: The speech by EU top diplomat Josep Borrell Fontelles yesterday about the challenges ahead, saying it as it is (or was): "Our prosperity has been based on cheap energy coming from Russia." Full speech: eeas.europa.eu/eeas/eu-ambass… #EnergyCrisis #OOTT #EnergyTwitter

Excited about KMSAN (uninit-value detector) merged into #Linux kernel: lore.kernel.org/all/2022100813… KMSAN been in works for several years & already found hundreds of bugs in kernel. Incl info-leaks to guest VMs syzkaller.appspot.com/bug?id=34abc06… info-leaks into USB cables syzkaller.appspot.com/bug?id=97bdebb…

Let me show you a random slide from my presentation tomorrow... =)

@[email protected] -- Follow me there ESET Research I'm the last person to defend Microsoft, but this is just not a big deal. There is a minor feature that doesn't work correctly, that's true! But... does the level of your coverage here really match the impact of the problem on the victims you're talking about?

Highlight of social media tonight

🎊 I am pleased to present VMPlex Workstation - A modern, tabbed UI for Hyper-V. The code is open source and the first release is available for download on GitHub. Kudos to Apoc for creating this! github.com/0xf005ba11/vmp…

LIVE: Apple Security Research, our new blog and website at security.apple.com! We launch with an update on Apple Security Bounty (security.apple.com/blog/apple-sec…), and a deep dive into some fundamental XNU memory safety improvements with kalloc_type (security.apple.com/blog/towards-t…). Enjoy!

Yet another v8 JIT bug mitigated by enhanced security mode in Edge

Arm64 Visual Studio 2022 is out of preview starting with v17.4. Go get it. windowscentral.com/software-apps/…

If you are running into this and have a reliable repro, the teams behind these features would LOVE to talk. Here's how to take traces, and also feel free to let me know below or via DM. aka.ms/gameperffeedba…

Josephbialek.infosec.exchange

x.com/Lee_Holmes/sta… I am actively working on CFG performance improvements right now. If folks can repro this reliably we can look at optimizing it. The current stuff I'm working on is unrelated (because we cannot repro this issue).

x.com/elonmusk/statu… "I bought a new house for 40 billion and lit it on fire, the streets are packed with people watching. I must be doing something right!" 🤣.. The only reason I'm logging in to Twitter at this point is for more news about how Elon is destroying it.

Wherein I propose that C++ initialize all stack variables to zero, preventing ~10% of CVEs. Cost: none. 🔗 wg21.link/P2723R0 🔗

MORSE is hiring! We're looking for multiple security researchers to join our Windows-focused team. DMs are open if you have questions, or apply directly: jobs.careers.microsoft.com/global/en/job/…