Alex Ionescu (@aionescu) 's Twitter Profile
Alex Ionescu

@aionescu

Chief Technical Innovation Officer @crowdstrike. Windows Internals author and trainer. He/Him. RTs are not endorsements, opinions are my own.

ID: 14429550

http://www.windows-internals.com 18-04-2008 04:04:33

8,8K Tweet

47,47K Followers

2,2K Following

Alex Ionescu (@aionescu) 's Twitter Profile Photo

Wanted to share a technical blog post that I coauthored on some of the architectural decisions that I helped drive during my time as Chief Architect CrowdStrike all those years ago. Thank you to the team and David Weston (DWIZZZLE) for the partnership. crowdstrike.com/blog/tech-anal…

Yarden Shafir (@yarden_shafir) 's Twitter Profile Photo

There’s a brand new conference which means you get another chance to take my Windows Internals class, this time in the US 😄 RE//verse, February 2025, Orlando Florida

Alex Ionescu (@aionescu) 's Twitter Profile Photo

It’s wonderful to see what Xeno Kovah and his collaborators have built for the community. I always recommend OST2 for my new hires and other juniors, or just anyone trying to get started on a new topic. The courses are excellent. It’s an honor to sponsor the Windows Security Path

vx-underground (@vxunderground) 's Twitter Profile Photo

2025 is not cool and is not badass. Staff member b0t is evacuating from his home in California due to wildfires. On the other side of the United States, staff member Bradley is facing tragedy. His Father has lung cancer, emphysema, and was diagnosed with acute pneumonia.

Yarden Shafir (@yarden_shafir) 's Twitter Profile Photo

Today Microsoft fixed 6 kernel address leaks that I reported CVE-2025-21316 CVE-2025-21317 CVE-2025-21318 CVE-2025-21319 CVE-2025-21320 CVE-2025-21321

x86matthew (@x86matthew) 's Twitter Profile Photo

I created a hypervisor-based emulator for Windows x64 binaries. This project uses Windows Hypervisor Platform to build a virtualized user-mode environment, allowing syscalls and memory accesses to be logged or intercepted. elastic.co/security-labs/… Project: github.com/x86matthew/Win…

Jonny Johnson (@jsecurity101) 's Twitter Profile Photo

I am happy to announce JonMon2.0 has been published. 2.0 offers a lot of feature updates, as well as stability. More features still to come as time goes on. Enjoy and let me know if you have any issues or questions. Link: github.com/jsecurity101/J…

Connor McGarr (@33y0re) 's Twitter Profile Photo

Today I’m sharing a blog post on the implementation of kernel mode shadow stacks on Windows! This post covers actively debugging the Secure Kernel and also outlines why VTL 1 is relied on to help maintain the integrity of the supervisor shadow stacks! connormcgarr.github.io/km-shadow-stac…

REcon (@reconmtl) 's Twitter Profile Photo

Come learn Windows Internal with Yarden Shafir at Recon Montreal on June 23-26 #reverseengineering #cybersecurity recon.cx/2025/trainingW…

Jonny Johnson (@jsecurity101) 's Twitter Profile Photo

Day 1 of Windows OS Internals for Security Professionals ✅ with Yarden Shafir and Connor McGarr. Tremendous course. Been wanting to take it for years. On to day 2!!!!

Yarden Shafir (@yarden_shafir) 's Twitter Profile Photo

I’m not saying you definitely have to go to BlueHat IL this year, I’m just letting you know it’s free, by the beach and I’ll be there dropping kernel pointers to anyone who asks nicely

Nathan Blondel (@slowerzs) 's Twitter Profile Photo

Think HVCI and kCET mean the end of kernel code execution? I wrote a blogpost exploring an alternative way to execute a kernel payload! :) blog.slowerzs.net/posts/keyjumpe…

Satoshi Tanda (@standa_t) 's Twitter Profile Photo

The new blog post on supervisor shadow stack restrictions / supervisor shadow-stack control tandasat.github.io/blog/2025/04/0…

BlueHat IL (@bluehatil) 's Twitter Profile Photo

Vulnerability Researcher Yarden Shafir takes the BlueHatIL stage to explore surprising ways kernel pointers can still be accessed, even with modern security measures in place. From ASLR to event logs, she dives into the creative techniques researchers use to uncover new attack

REcon (@reconmtl) 's Twitter Profile Photo

Recon CFP ends in less than 2 weeks on April 28. Prices for the training and conference increase on May 1st. Register now to save with early bird price. We have already announced a few talks and workshops, and more videos from last year have been released. recon.cx

William R. Messmer (@wmessmer) 's Twitter Profile Photo

If you update WinDbg today (1.2504.15001.0), you might notice another icon in the View tab of the ribbon, one called "Parallel Stacks". While incredibly useful in its own right, this isn't just a parallel stacks view. It's the introduction of graph visualization for extensions!

David Weston (DWIZZZLE) (@dwizzzlemsft) 's Twitter Profile Photo

My new blog covering user-mode EDR/AV platform and changes to Windows (including the death of the BSoD!!) blogs.windows.com/windowsexperie…