Prelude Research (@preluderesearch)'s Twitter Profile
Prelude Research

@preluderesearch

Content from Prelude Research Team

ID: 1887174695579168768

Link: http://preluderesearch.com | Date: 05-02-2025 16:21:56

5 Tweet

125 Followers

6 Following

Connor McGarr (@33y0re)

Today I’m sharing a blog post on the implementation of kernel mode shadow stacks on Windows! This post covers actively debugging the Secure Kernel and also outlines why VTL 1 is relied on to help maintain the integrity of the supervisor shadow stacks! connormcgarr.github.io/km-shadow-stac…

Prelude Research (@preluderesearch)

ICYMI: Off By One Security hosted our very own Connor McGarr for a deep dive into kernel mode shadow stacks & the secure kernel on Windows, building on his detailed blog post. Watch here ▶️: youtube.com/watch?v=T7qxs-…

Connor McGarr (@33y0re)

.Prelude Research is also now looking for software engineers in pursuit of the efforts mentioned in the previous tweet! Posting: jobs.ashbyhq.com/preludesecurit…

Max Harley (@0xdab0)

RUST WINDOWS DOCS MCP. If you've ever done Rust dev with the windows crate, you know it's painful because it makes up API calls, hallucinates types, and can't do feature flags. This MCP server just adds context. It doesn't auto hacks noobs, but it does its job pretty well

Connor McGarr (@33y0re)

I am excited to say my talk at Black Hat USA 2025 was accepted where I will be sharing my recent research on kernel-mode CET as well as KCFG on Windows!

Connor McGarr (@33y0re)

I cleaned up the code I have been working on for the last few days into a tool I’m calling “Vtl1Mon”! Vtl1Mon traces VTL 1 enter (“secure call”) operations via ETW and also call stack/symbol enhances the events! github.com/connormcgarr/V…

Connor McGarr (@33y0re)

Today I am releasing a new blog post on VSM "secure calls" + the SkBridge project to manually issue them!! This blog talks about how VTL 0 requests the services of VTL 1 and outlines common secure call patterns!!! Blog: connormcgarr.github.io/secure-calls-a… SkBridge: github.com/connormcgarr/S…

Prelude Research (@preluderesearch)

Endpoint defense needs an architectural shift. With $16M in additional funding, we’re delivering runtime memory protection to the people defending the most important systems on earth. preludesecurity.com/blog/announcin…

Prelude Research (@preluderesearch)

In Connor McGarr's latest post on Windows ARM64 Pointer Authentication, he dissects how PAC fortifies stack integrity and thwarts exploits at the hardware level. Explore the mechanics of this critical security layer and its role in modern Windows defenses. preludesecurity.com/blog/windows-a…