“Beginning with Windows Server 2025, dtrace is included as a built-in tool.” This is awesome to see! learn.microsoft.com/en-us/windows-…

My first blog got published in Trend Micro Research trendmicro.com/en_ca/research… We analysed a cryptojacking attack campaign exploiting exposed Docker remote API servers to deploy cryptocurrency miners, using Docker images from the open-source Commando project. #CryptoJacking #Campaign

We've published our writeup of CVE-2024-20693, a vulnerability in Windows that allowed spoofing the code signature of binaries by placing them on an SMB share. This research originally was about something different, but we ran into a signature check... sector7.computest.nl/post/2024-06-c…

Kids these days will never understand true pain Atmfd.dll call function graph (120kb file)

I, along with my colleague Sunil, just published another blog in Trend Micro Research Here we talked about how threat actors are exploiting public facing jenkins servers to deploy crypto miners. trendmicro.com/en_ca/research… #CyberSecurity #cryptominer #Campaign

Yo someone go fuzz the channel update parser

I think the hype for detection got out of hand over the years. SIEMs and eventually EDRs have skewed the perception of everybody doing security into thinking that they are a must, whilst in reality they are tooling that sits on top of a system that's already working to ensure

I shared my research at HITCON titled "Shuttling Through Secret Pipes: Unveiling Vulnerabilities in Leading VPNs." I open-sourced NamedPipeMaster, the tool I used to identify the vulnerabilities. See demo: youtube.com/watch?v=zUiCEr… github.com/zeze-zeze/Name…

Final part of implementing a new kernel object type: scorpiosoftware.net/2024/09/07/imp…

We're thrilled to highlight our long-standing partnership with CYBERSTANC & their #AI-driven engine! Over 2.5 years, they've shown exceptional reliability & accuracy, earning the Arbiter role in our marketplace. Learn more about our other partners here: polyswarm.network/engines

Red Teaming in the age of EDR: Evasion of Endpoint Detection Through Malware Virtualisation blog.fox-it.com/2024/09/25/red…

CVE-2024-21310: Microsoft Cloud Filter Driver의 Numeric Truncation으로 인한 Pool Overflow 취약점 오늘은 윈도우의 Cloud Filter Driver에서 발견된 Pool Overflow 취약점입니다. 활성화해야하는 옵션이 있어서 팡팡 터지지는 않겠지만 흥미로운 취약점이었어요🧐 hackyboiz.github.io/2024/09/28/j0k…

mfw the anticheat ships without virtualization:

Fighting kernel AC? Just buy an EV Code Sign Signature they said, it be fun they said ferib.dev/blog/EV-code-s…

I published a post describing the exploitation process for CVE-2024-38193, a use-after-free vulnerability in the afd.sys Windows driver. Hope you enjoy it! :) blog.exodusintel.com/2024/12/02/win…

Black Lotus Labs This blog is the first in a two-part series detailing these findings and providing insights into Secret Blizzard's TTPs. Get mitigation, detection, & hunting guidance along with indicators of compromise to stay informed and to protect your organization: msft.it/6017oE6pl

Loader Lock Ownership Semantics by Jack Ullrich winternl.com/loader-lock-ow…

Good and interesting presentation by Joe Bialek: Pointer Problems – Why We’re Refactoring the Windows Kernel: youtube.com/watch?v=-3jxVI… #microsoft #windows #kernelsecurity #programming

Really cool repo I came across that reverses/reimplements LoadLibrary. Very useful to have a chart / code depicting what all happens and when github.com/paskalian/WID_…