Yarden Shafir (@yarden_shafir) 's Twitter Profile
Yarden Shafir

@yarden_shafir

A circus artist with a visual studio license

ID: 957698274324074496

https://github.com/yardenshafir

28-01-2018 19:33:56

7,7K Tweet

23,23K Followers

303 Following

Andrea Allievi (@aall86) 's Twitter Profile Photo

techcommunity.microsoft.com/blog/windows-i… Finally! I personally worked on Hotpatch, together with my team 3 years ago... and now is finally approaching client versions of Windows... Yuuuyuuu!

Synacktiv (@synacktiv) 's Twitter Profile Photo

PagedOut! #6 magazine is out! This edition features two articles from our ninjas: - Implicit Unicode behaviors in database string functions - Calling Rust from Python: A story of bindings Dive into their insights here: pagedout.institute

chompie (@chompie1337) 's Twitter Profile Photo

If you ever think there are no more bugs left to find… this Linux kernel bug was just patched yesterday and existed for 5 YEARS

Yoni Rozenshein (@1yoni) 's Twitter Profile Photo

This morning at #BlueHatIL - Yarden Shafir opens Event Viewer, finds 6 CVEs :) Also reminds us that RPC is always an interesting attack surface. Great talk! 🔥

Mathilde Venault (@mathildevenault) 's Twitter Profile Photo

Really excited to give a talk at SINCON this year! I'll be presenting my tool github.com/CrowdStrike/dr…, that helps make the most of WinDbg in a minimum amount of time

Mari0n (@pinkflawd) 's Twitter Profile Photo

I'll be teaching a 4-day Linux Malware Reverse Engineering training at Recon this year, so psyched 😱 recon.cx/2025/training.…

Satoshi Tanda (@standa_t) 's Twitter Profile Photo

I am thrilled to be back and offer the in-person training once again at Hexacon, the fabulous conf. in Paris hexacon.fr/trainer/tanda/ Get hands-on experience with virtualization and learn real-world applications and bugs of them! The tickets will be available for purchase soon.

William R. Messmer (@wmessmer) 's Twitter Profile Photo

If you update WinDbg today (1.2504.15001.0), you might notice another icon in the View tab of the ribbon, one called "Parallel Stacks". While incredibly useful in its own right, this isn't just a parallel stacks view. It's the introduction of graph visualization for extensions!

b33f | 🇺🇦✊ (@fuzzysec) 's Twitter Profile Photo

I'm reposting my IBM blog dealing with Lazarus and "Direct kernel object manipulation (DKOM) attacks on ETW providers" on knifecoat 🔪🧥 knifecoat.com/Posts/Direct+K…

Michael Maltsev (@m417z) 's Twitter Profile Photo

Windhawk was just updated with ARM64 support! ramensoftware.com/windhawk-v1-6-… Making it work took more than just compiling it for ARM64, as the image below illustrates, and resulted in the following side projects: • MinHook-Detours. • wow64pp-x64-arm64 (Heaven's Gate). Info, links: ...

Yarden Shafir (@yarden_shafir) 's Twitter Profile Photo

In this most recent phase of Microsoft hating its users, shared OneDrive folders can't be accessed locally anymore. A link is just a url link, with no local access whatsoever. This has been an issue for a year now, with no response from Microsoft: reddit.com/r/Office365/co…

K runs on corn juice (@turb0yoda) 's Twitter Profile Photo

I got hit with the CRWD RIF. Looking for any DFIR Consulting or SecEng-ish role.. Been doing DFIR for 5 years both at CRWD and at Cylance- I can provide references and resume on request.

Yarden Shafir (@yarden_shafir) 's Twitter Profile Photo

FYI if you're willing to link with ntdll or dynamically resolve it there's a ton of APIs that return TEB/PEB or leave them in one of the registers. (Don't believe official return values. MSDN is a liar!)
