Clement Rouault (@hakril) 's Twitter Profile
Clement Rouault

@hakril

Python (ab)user / Security / Windows internals / @ExaTrack

ID: 606437156

Link: https://exatrack.com/ | Joined: 12-06-2012 16:19:19

461 Tweet

1.1K Followers

534 Following

REverse_Tactics (@reverse_tactics) 's Twitter Profile Photo

It's a full win! During the first day of #Pwn2Own Vancouver 2024, we demonstrated a fullchain exploit that escaped from an Oracle Virtualbox's virtual machine, followed by a local elevation of privilege on the Windows 11 host!

James Forshaw (@tiraniddo) 's Twitter Profile Photo

Just because you get access denied accessing a folder, it doesn't mean you can't get access. A quick look at bypassing the security on the WindowsApps folder. tiraniddo.dev/2024/06/workin…

Clement Rouault (@hakril) 's Twitter Profile Photo

After nearly 10 years of existence, years of use in production on 10k+ computers. The new PythonForWindows release is 1.0.0 \o/ This release adds three important things: official python 3 support, full Unicode support for py2/py3 & CI testing on GitHub ! github.com/hakril/PythonF…

LE BERRE Stéfan (@heurs) 's Twitter Profile Photo

Kdrill, an open source tool to check if your kernel is rootkited🔥 A python tool to analyze memory dumps AND live kernel. No dep, py2/3, no symbols 💪 It rebuilds on the fly kernel structs and checks suspicious modifications (and if patchguard is running 👀) github.com/ExaTrack/Kdrill

Clement Rouault (@hakril) 's Twitter Profile Photo

In our search for new forensic artifacts at ExaTrack, we sometimes deep dive into Windows Internals. This one is about COM and interacting with remote objects using a custom python LRPC Client. STUBborn: Activate and call DCOM objects without proxy: blog.exatrack.com/STUBborn/

watchTowr (@watchtowrcyber) 's Twitter Profile Photo

in today's 'no way, is it real?' we found out that Palo Alto's PAN-OS CVE-2024-0012 and CVE-2024-9474 were the equivalents of saying 'turn off auth and give me a shell'. Enjoy! labs.watchtowr.com/pots-and-pans-…

Petr Beneš (@petrbenes) 's Twitter Profile Photo

After 6 years, I made a blog thingy again. This time about MmScrubMemory. An innocuous looking function that has bitten my ass several times in the last several years. And if you're developing a hypervisor, it might've bitten yours, too. wbenny.github.io/2024-11-21-mms…

ExaTrack (@exatrack) 's Twitter Profile Photo

3+ YEARS of stealth! We uncovered new tactics used by the perfctl malware, including a userland rootkit & an SSH backdoor (a single SPACE in /etc/passwd!). More insights: blog.exatrack.com/Perfctl-using-… #cybersecurity #threat_hunting #linux #infosec #perfctl #rootkit #ssh #exatrack

Clement Rouault (@hakril) 's Twitter Profile Photo

I wanted to know how WMI Win32_OperatingSystem.Caption gets the correct Version number (ex: "Microsoft Windows 11 Pro"). Turns out it's a DLL export: winbrand!BrandingLoadString. And there is a patent for that: patentimages.storage.googleapis.com/94/ab/cb/7c1f5…

Colin Finck (@colinfinck) 's Twitter Profile Photo

The second part of my #WinDbg deep-dive into the #Windows #bootloader is up: Get ready for a decades-old registry structure, unique sorting algorithms, and lots of corner cases. The result is a modern Rust replacement for Mark Russinovich's LoadOrder tool: colinfinck.de/posts/nt-load-…

REverse_Tactics (@reverse_tactics) 's Twitter Profile Photo

For the first time, our training "Bug Hunting in Hypervisors" is open to the public at REcon! Designed for security researchers, we will dive into VM escapes, hypervisor attack surfaces, and real-world exploitation. More info: recon.cx/2025/trainingB…

Nauseam (@chadnauseam) 's Twitter Profile Photo

"A calculator app? Anyone could make that." Not true. A calculator should show you the result of the mathematical expression you entered. That's much, much harder than it sounds. What I'm about to tell you is the greatest calculator app development story ever told.
Erik Pistelli (@erikpistelli) 's Twitter Profile Photo

🚨 WARNING: A fake domain—cff-explorer[.]com—has been registered to distribute malware. It currently appears as the top Google result when searching for "CFF Explorer". The only legitimate domain is ntcore.com.

LE BERRE Stéfan (@heurs) 's Twitter Profile Photo

🚀 Take your malware analysis skills to the next level with Exalyze. Discover our unique capabilities to compare malware code with our entire database, identifying similar samples and uncovering hidden connections. 👉 exalyze.io