ayyyyyyyyyy HLAT PTE protection is ALIVE b33f | 🇺🇦✊

...Glad to see that my tool is used by PRO like David Weston (DWIZZZLE) ... and glad to see that we can introduce HVPT publicly finally :-)

Linux kernel merged the x86 shadow stack support, part of Intel's Control-flow Enforcement Technology (CET): git.kernel.org/pub/scm/linux/…

"Bypassing the HVCI memory protection" at #HEXACON2023 discusses remapping attack with an application to code pages. If you wonder what mitigates this, you can check out HLAT (VT-rp) youtube.com/watch?v=WWvd2_…

Intel Labs Contributes Key Technologies to New Intel Core Ultra and Intel Xeon Scalable Processors -Datapath and Register File Technologies in NPU -DLVR -Side-Channel Resistant AES -Quantum Resistance -Redesign of VT-d -AEX-Notify community.intel.com/t5/Blogs/Tech-…

Write up of the HVCI bypass vuln (CVE-2024-21305) with Andrea Allievi ! tandasat.github.io/blog/2024/01/1…

I'm excited about the progress on Virtualization-based Security being ported from Windows to Linux: lpc.events/event/17/contr… Ubuntu-LVBS is here: github.com/heki-linux/lvb…

24H2 enables HVPT (VT-rp / HLAT) to prevent remapping attacks. You can check if it is enabled with msinfo32, systeminfo, or Andrea Allievi 's sktool v1.2+. Here is also sample code for that to save your time with reversing. gist.github.com/tandasat/890d4…

NT meet FRED :-)

V8 Sandbox escape/bypass/violation and VR collection github.com/xv0nfers/V8-sb…

Reducing the attack surface in the Azure hypervisor with a Rust VMM and hardware offload: techcommunity.microsoft.com/t5/windows-os-…

Heap exploitation, glibc internals and nifty tricks. blog.quarkslab.com/heap-exploitat…

I've published the repo for Byepervisor (we love named vulns out here). Contains exploit implementation for two PS5 hypervisor bugs for 2.xx and lower. Slides from the talk + vod should hopefully be published soon. github.com/PS5Dev/Byeperv…

I created a hypervisor-based emulator for Windows x64 binaries. This project uses Windows Hypervisor Platform to build a virtualized user-mode environment, allowing syscalls and memory accesses to be logged or intercepted. elastic.co/security-labs/… Project: github.com/x86matthew/Win…

Paged Out! #6 is out! pagedout.institute Totally free, 80 pages, best issue so far! 'nuff said, enjoy! (please RT to help spread out the news!)

Nice to see Intel and MSFT's posts on VT-rp / HVPT. If you are interested in playing with the feature, simple example code is here: github.com/tandasat/Hello…

The new blog post on supervisor shadow stack restrictions / supervisor shadow-stack control tandasat.github.io/blog/2025/04/0…

AI agents that can browse the Web and perform tasks on your behalf have incredible potential but also introduce new security risks. We recently found, and disclosed, a concerning flaw in Perplexity's Comet browser that put users' accounts and other sensitive info in danger.