Matt Hand (@matterpreter)'s Twitter Profile
Matt Hand

@matterpreter

Director, Security Research @preluderesearch💜 | Author of Evading EDR nostarch.com/evading-edr 📖 | Adversary tradecraft & windows internals 🦠

ID: 152365745

Joined: 05-06-2010 19:13:45

857 Tweets

9.9K Followers

285 Following

Prelude (@preludeorg):

It's time to overcome manual efforts when it comes to purple teaming🚫 Next week—join Matt Hand at the SANS Institute Cyber Solutions Fest for a tactical exercise on streamlining threat detection and response with Prelude. Get signed up: hubs.la/Q02W9CP50

Clint Gibler (@clintgibler):

🔬 Applying Test-Driven Development to Detection Engineering

Matt Hand describes applying TDD principles to detection engineering:
* Deploying detection logic
* Executing test stimuli (e.g. malware samples or offensive tools)
* Evaluating if the desired behaviors occurred

Matt Hand (@matterpreter):

This year's bundle has an amazing selection and I'm so excited to see Evading EDR included. If you haven't picked up a copy, now is a great time to get one 🎁

Matt Hand (@matterpreter):

We’re going to start doing some more informal hangouts in our Discord server and figured we’d host the first as everyone starts winding down for the year. I hope you can join us to talk shop and share what you've learned this year 🙏

Elastic Security Labs (@elasticseclabs):

We’re adding a new section to Elastic’s HackerOne Bounty Program! Today, we’re opening our SIEM and EDR rules for testing. We’re excited to have another way to thank our community for their efforts on our #detectionengineering. Get more details here: go.es.io/4hdKQCI

Connor McGarr (@33y0re):

Today I’m sharing a blog post on the implementation of kernel mode shadow stacks on Windows! This post covers actively debugging the Secure Kernel and also outlines why VTL 1 is relied on to help maintain the integrity of the supervisor shadow stacks! connormcgarr.github.io/km-shadow-stac…

Matt Hand (@matterpreter):

The team at Prelude Research is looking for Windows internals researchers, reverse engineers, and people passionate about rethinking how we combat modern adversaries. Join us! jobs.ashbyhq.com/preludesecurit…

Satoshi Tanda (@standa_t):

The new blog post on supervisor shadow stack restrictions / supervisor shadow-stack control tandasat.github.io/blog/2025/04/0…

Matt Hand (@matterpreter):

We're also looking for software engineers to join the team. Rust and Windows development experience are a strong plus. US/Canada preferred but willing to flex for the right person. jobs.ashbyhq.com/preludesecurit…

Max Harley (@0xdab0):

RUST WINDOWS DOCS MCP. If you've ever done Rust dev with the windows crate, you know it's painful because it makes up API calls, hallucinates types, and can't do feature flags. This MCP server just adds context. It doesn't auto-hack noobs, but it does its job pretty well.

Connor McGarr (@33y0re):

I am excited to say my talk at Black Hat USA 2025 was accepted where I will be sharing my recent research on kernel-mode CET as well as KCFG on Windows!

Matt Hand (@matterpreter):

Two years ago, I left red teaming for a new challenge in endpoint security. I'm humbled by the incredible team we've built and so proud to share this research preview of our work. It’s an idea I believe in deeply, and I can’t wait for what’s ahead. 🖤

Matt Hand (@matterpreter):

I’ll be around all day so come say hi if you see me! I’m hiring security researchers and developers. jobs.ashbyhq.com/preludesecurit… jobs.ashbyhq.com/preludesecurit…

Connor McGarr (@33y0re):

Today I am releasing a new blog post on VSM "secure calls" + the SkBridge project to manually issue them!! This blog talks about how VTL 0 requests the services of VTL 1 and outlines common secure call patterns!!! Blog: connormcgarr.github.io/secure-calls-a… SkBridge: github.com/connormcgarr/S…

Matt Hand (@matterpreter):

Just posted a pretty unique position. If you're a red teamer that enjoys tradecraft research and writing code, enjoys talking to people, and is ready to get out of the operational grind, take a look. jobs.ashbyhq.com/preludesecurit…

Dirk-jan (@_dirkjan):

I've been researching the Microsoft cloud for almost 7 years now. A few months ago that research resulted in the most impactful vulnerability I will probably ever find: a token validation flaw allowing me to get Global Admin in any Entra ID tenant. Blog: dirkjanm.io/obtaining-glob…

Prelude Research (@preluderesearch):

Endpoint defense needs an architectural shift. With $16M in additional funding, we’re delivering runtime memory protection to the people defending the most important systems on earth. preludesecurity.com/blog/announcin…

Prelude Research (@preluderesearch):

In Connor McGarr's latest post on Windows ARM64 Pointer Authentication, he dissects how PAC fortifies stack integrity and thwarts exploits at the hardware level. Explore the mechanics of this critical security layer and its role in modern Windows defenses. preludesecurity.com/blog/windows-a…