microsoft: Exploit Code Unporoven me: i literally gave you a compiled PoC and also exploit code m$: No exploit code is available, or an exploit is theoretical. me:

Yuki Chen This happened. It turns out maintaining consistency at 4x-6x the previous volume is a really hard problem. Honestly, a misc CVE field is the least of my worries- inconsistencies in what's considered an "Important" vulnerability is what keeps me up at night 🥲

Great bug, great talk! I’m sure I’m not the only one who looked at the binder code and missed this :)

New Project Zero blog post by Sergei Glazunov and Mark Brand: Project Naptime: Evaluating Offensive Security Capabilities of Large Language Models googleprojectzero.blogspot.com/2024/06/projec…

New blog post "Google: Stop Burning Counterterrorism Operations" My reflection on an incident where Project Zero and TAG knowingly shut down an active Western counterterrorism cyber operation, and the real-world harm that could have resulted from it. poppopret.org/2024/06/24/goo…

Michael Coppola Skill issue. Such failures will be dealt with by moving to the next exploit chain and the next C2 server. TAG has the freedom to report on and/or patch any issues discovered by them. Poor SIGINT OPSEC is what the actual issue is, I expect better tradecraft from SIGINT operations.

The cynic in me is saying that if you are a secret agent on a counterterrorism mission, it's kinda your job not to have your secret equipment confiscated by the mall cop on the segway, so I think the lady doth protest too much. (Random subtweet)

Sassy, tongue-in-cheek, but honest recounting of the recent Mitre MDR evaluations:

When embarking on a new vulnerability research project it is important to perform extensive background research into the area to gather as much info as possible to supplement and guide j00ru//vx describes these learning resources for the Windows Registry: googleprojectzero.blogspot.com/2024/06/the-wi…

Thanks to everyone who attended my REcon and BlueHat IL talks! The exploit and slides are here: github.com/gabriellandau/… If you took any photos during either of the talks, please share them here. Also, please don't hesitate to stop me to say hi!

RCE in SSH, this is a thing of beauty qualys.com/2024/07/01/cve…

kernel driver dev is hard!! this is why the osr guys are so mean

Maybe companies shouldn’t have gotten rid of QA teams because “devs can write unit tests and that’s basically the same thing”?

After over a decade in cybersecurity I sometimes forget that a lot of tech probably has never heard of Crowdstrike (as is now apparent by all the posts) You’ve probably also not heard of Field Effect so here is your chance (no I don’t work for them) fieldeffect.com/blog/recoverin…

My take on this: “… appears to be starting a conversation about…” is corporate speak for “there’s nothing we can do about this and we’re waiting this out”. There’s currently no alternative to running Windows EDRs in kernel mode and there’s not going to be one any time soon.

In the wake of the CrowdStrike crash event, some interesting articles have been published that explore some perspectives of security vendors in the Windows kernel. I penned a blog for another perspective. Sean Endicott Davey Winder Andrew Cunningham fieldeffect.com/blog/the-brass…

I’m thrilled to share my latest blog post! This one focuses on the bug hunting process: inspiration, approach, and execution. I also provide a retrospective on how the bug was introduced and analyze the insufficient “patch”. Check it out: securityintelligence.com/x-force/little…

It's time to take a closer look at CVE-2024-38063 (Windows TCPIP RCE). I usually don't post partial analysis but since most available info is unreliable I'll do my best to try and shed some light. This time I'll focus on my workflow and thought process as we go. 🧵

Micropatches were released for Windows Cryptographic Services Remote Code Execution Vulnerability (CVE-2024-29050)

Introduction to Windows Cryptographic Services RCE CVE-2024-29050 v-v.space/2024/08/23/CVE…