Tom Plant

@awakecoding agreed, but they said it's too hard 🥲github.com/flutter/flutte… a fair few popular apps rely on bat/vbs/ps1 entrypoints, not sure why

@pl4nty Well, maybe the Flutter SDK should expose a proper executable instead of a batch file wrapper?

It's mind blowing to me that the way to install Flutter on Windows to get the flutter CLI available to the command-line is to manually download and extract a zip to then add it to PATH. No installer, no winget package... what year is it?

@NathanMcNulty @merill @CyberQueenMara @SkipToEndpoint I think they have calls for each benchmark. I try to join the Intune one when it's 11pm, but half the year it's midnight-1am...

@merill @CyberQueenMara I know @SkipToEndpoint does on the endpoint side I wish I could join those, but they're like 6 AM my time. No clue if they ever hold meetings for the M365 stuff. I just have to fix all the issues they create :p

Another day, another bad set of CIS recommendations Here are the items you do not want to do in this list: 5.1.5.6 - Ensure maximum certificate lifetime for applications does not exceed 180 days ⚠️ This will silently break cert renewal for all of your SAML based SSO apps...

the most effort I've ever put into a CTF challenge: with a novel format that maximizes the human impact in scoring minions in 16k guest authored for @ProjectSEKAIctf, happening this weekend!

@_mixy1 @ProjectSEKAIctf alright I'm clearing my weekend to play, CTFs aren't dead yet 🙏

@Lentils80 nice work mate

@pl4nty 😉

🚨Major Scoop: The first Claude 5 model, Claude Fable 5 (Mythos-class model) is gonna release very soon! It's the same underlying model as Mythos but with increased guardrails, headed to public release

@mikejulian @HubSpot looking at rolling our own HubSpot MCP server 😔

I really like @HubSpot but the poor MCP support has become a real issue for us I know I'm gonna regret asking, but: what's the CRM folks are excited about these days?

@byteben @IntuneSuppTeam there's an unlisted doc for the Graph headers, but I can't find the MAA exclusion UI in canary or prod learn.microsoft.com/en-us/intune/f…

@IntuneSuppTeam calling the kool kids. Docs say we can exclude enterprise apps from MAA policies. Nothing in the admin centre or Graph to do this - what’s the gap? MAA never used to impact app-auth flows…does this doc officially mean it now does? Thanks #exclude-enterprise-applications-from-an-access-policy" target="_blank" rel="nofollow noopener">learn.microsoft.com/en-us/intune/f…

"Dad, what was it like playing CTFs before AI?"

Last year, on a vacation, @S1r1u5_ and I were discussing about the human need for validation and how most things we do can be tied to it, consciously or subconsciously. Mohan asked, Would you still be doing what you do (hacking, publishing blogs, competing, etc.) if no one was there to see it? At that time, my answer was "yeah, probably?" Today, the world has somewhat come to that. All the things you thought gave you validation are now norms. Things you once took pride in can be replicated in a few prompts. I mean, people are dropping 0days everyday now, and there's an unlikely chance of your blog getting reads so there goes that validation. So would you still do it on your own? For your own sake and sanity? My answer is a confident yes now. In the last couple of months, I've seen models find bugs autonomously or sometimes with just a bit of a hunch from me, but sharing these bugs publicly hasn't been rewarding. And not in the sense of likes or reach alone, I've just been less motivated overall. I have a few blogs sitting in my queue, and what I'm noticing is I keep procrastinating, because there's not much authenticity to my own work in them, and I don't have the enthusiasm to share the same story again, how the model found this and that. I think if you really love the game, sooner or later, you have to come to terms with the fact that to stay sane, you need to go back to that problem-solving phase, otherwise it gets pretty depressing. As much as I love watching LLMs find bugs, it feels soulless at times.. all this is a signal to me that I can't function like this in the long run. It makes me feel dopamine-deprived, and I need to be hacking shit on my own.. Now, when I say "on my own", I don't mean no AI, AI bad. No, not at all.. There's a big difference between using an LLM as an accelerator in your work vs delegating your understanding to it. From a long-term pov, the former is the only path imo, and even then, the mind map you build on your own is very different from the one you'd end up with leaning on LLMs. The dopamine hit isn't even close to figuring shit out on your own. Seeing how AI is making 0days the norm and CTFs no longer the same.. The question is more real now than ever. Would you still sit down and hack stuff even when no one's watching, knowing people might be on top of the leaderboard via AI, just for the love for the game?

Rust reverse engineering is about to get a lot easier. 🦀 I'm thrilled to announce that Oxidizer, the first Rust decompiler, has been officially merged into angr! Try it out: github.com/angr/angr You can also find the paper here: github.com/sefcom/oxidize…

@0xfluxsec np, I think it mostly uses .ame.gbl which should be resolvable from Azure VMs etc. but the root and crl are public crl.microsoft.com/pkiinfra/certs…

@pl4nty Oh interesting… 👀 I’ll do some digging into that, I can’t say I’ve seen it before, thanks!

deadbeef in the secure kernel? I kinda wanna know why, and what scenario do they expect deadbeef in memory. 1) debugging code left in? 2) easter egg? 3) vibe coded? 4) just a marker? it is getting some certificate thumbprint if all the conditions match i guess 5) backd00r?

@0xfluxsec AME is prod PKI, and used for signing - I think danonit posted a leaked Windows binary signature chained to an AME root. maybe the deadbeef part is just for testing though?

So this is backed by the symbol: rgbMicrosoftAzureAmeRoot0_PubKeyInfo in skci.dll, in which the DLL is imported by securekernel.exe, BUT this function is not explicitly imported there. Maybe its just some public key from CI? Maybe its used in azure servers or some internal stuff? ^^ I want to find where it is used Probably some engineer having fun whilst making some infra?

People saying that Linux is doomed by LLM are either trolling or don't know about Linux vulnerability research at all. Before we have good LLM, kernelCTF was still really competitive, and LPE got patched all the time, silently. Not on the news != not important.

@merill congrats mate! excited to see what you do next 😊

Hey folks, some personal news. I’m leaving Microsoft. It’s been a privilege to work here, and I’m incredibly grateful for the people I’ve worked with, the customers I’ve learned from, and the support so many of you have shown me along the way. I’m now starting out on my own and chasing a dream I’ve had for a long time: building software that makes security more practical, accessible, and useful for the people doing the work every day. Why now? With all the change happening around us, I feel like new possibilities are opening up. I want to spend this next chapter building things I care deeply about, solving problems that matter, and doing work that brings me joy. I’m excited. Nervous. Grateful. My newsletters, podcast, Maester and other tools will all be part of this next chapter, and I’ll share more in the coming weeks. Thank you for being part of the journey so far. I’m looking forward to building this next chapter with your support.

@awakecoding @_h0x0d_ @unixterminal coming soon 🙏 build.microsoft.com/en-US/sessions…

@_h0x0d_ @unixterminal I see that PR was merged two weeks ago, is it already shipped in a release? how do I install the wslc command-line tool to get started? and just to make sure - this allows me to run any container image as if it were a WSL distro?

wslc: the container cli for WSL github.com/microsoft/WSL/…

There's been lots of confusion around MSIX. In particular how it works with WinGet and even more so around system context. This is the first blog in a series of weekly posts coming about how MSIX actually works. Hopefully this will help provide more clarity for everyone. devblogs.microsoft.com/insidemsix/the…

@XenoPanther ty 🙏

For the 0 people that care In 29580, Lenovo is now mentioned in System32\SecureBootUpdates\BucketConfidenceData.cab

🏅Sponsorship Announcement🏅 Thanks to our GOLD sponsor @JaneStreetGroup for supporting our team this year!