ZwClose

636 posts

ZwClose

@zwclose

Beigetreten Haziran 2017

59 Folgt1.1K Follower

Angehefteter Tweet

ZwClose@zwclose·14 Eki

Multiple vulnerabilities in the Realtek card reader driver. The vulns allow a non-privileged user to write to virtual kernel memory and gain access to physical memory via the DMA controller. Dell, Lenovo and other OEMs affected. The first part of the post: zwclose.github.io/2024/10/14/rts…

English

102

235

27.3K

ZwClose@zwclose·2 Şub

When it comes to Windows kernel networking, ChatGPT becomes pretty hallucinatious. Once I spent an hour looking for a non-existent !wfp extension, which GPT recommended to me, and now it's suggesting !afd. By the way, these extensions would be very useful if they existed.

English

562

ZwClose@zwclose·18 Oca

@HaifeiLi Yesterday I spent an hour searching for a WinDbg extension that doesn't seem to exist; I fell to Copilot's hallucination. I also watch the selloff, but I'm sure it will bounce back.

English

Haifei Li@HaifeiLi·16 Oca

Is vibe coding going to kill all the quality software companies or something? Most stocks 52 weeks low. Wow.

English

1.5K

ZwClose retweetet

Michael Maltsev@m417z·27 Ara

Check out the KUSER_SHARED_DATA docs that were submitted to NtDoc by @sixtyvividtails, and are probably the most comprehensive source of information about this struct known to humanity. ntdoc.m417z.com/kuser_shared_d… Also featured on @pagedout_zine, issue #7, page 33, check it out!

English

12.4K

ZwClose@zwclose·21 Ara

@artem_i_baranov Considering Intel's recent performance, they either didn't read the Grove's book or it's not that helpful :)

English

Artem I. Baranov@artem_i_baranov·21 Ara

Reading @ the Speed of Thought aibaranov.github.io/books-annual/

English

312

ZwClose@zwclose·6 Ara

Older WDKs are back! With each update Microsoft dropped pieces like code samples, so I hoarded a few WDKs, and even planned to search far corners of the web to get more. This is not needed anymore: MS just published a collection of legacy WDKs: learn.microsoft.com/en-us/windows-…

English

147

ZwClose@zwclose·27 Kas

@yo_yo_yo_jbo This post is not only interesting, but also demonstrates that readme md can be a blogging platform.

English

ZwClose retweetet

Jonathan Bar Or (JBO) 🇮🇱🇺🇸🇺🇦@yo_yo_yo_jbo·25 Kas

This blogpost is interesting - has Windows internals, my own novel solution to a problem red teamers have had for a while, EDR bypasses, debugging and much more. Spoofing command lines on Windows and solving the problem of length limitations: github.com/yo-yo-yo-jbo/c…

Jonathan Bar Or (JBO) 🇮🇱🇺🇸🇺🇦 tweet media

English

161

14.1K

ZwClose@zwclose·25 Kas

@FuzzySec Hey, I have a conference-related question, may I dm?

English

b33f | 🇺🇦✊@FuzzySec·10 Ağu

I want to extend the same offer as I did for BlackHat US and make myself available to provide structural and language feedback on proposals from people that use English as a second language (ESL). From my own experience I know it's not always easy to navigate what a good proposal looks like and I'm here to help 🙇‍♂️

English

1.4K

b33f | 🇺🇦✊@FuzzySec·10 Ağu

After a successful BlackHat US with so many amazing talks, I'm excited to share that I am also joining BlackHat EU as a guest on the review board for the AI, Vulnerability Research and AppSec tracks 🎊❤️‍🔥 The CFP closes on the 11th of Aug, get submitting: europe-briefings-cfp.blackhat.com

GIF

English

7.7K

ZwClose@zwclose·22 Kas

@DebugPrivilege @sixtyvividtails Maybe sixtyvividtails put it too harsh but I can see the point: it is unclear how storport mangles the pointer. I haven't looked at the dump myself, but it looks that 0x046dc232 often comes with nt!IovpValidateDO, Logitech and the verifier enabled, but with different bug checks.

English

ZwClose@zwclose·21 Kas

@DebugPrivilege Nice RCA, and lots of useful debugging commands/extensions!

English

ZwClose@zwclose·17 Kas

@lyq_sqsp Does the device do something DMA-related?

English

itewqq@lyq_sqsp·16 Kas

Wrote a PoC by emulating a malicious PCIe device in QEMU, which crashed the Ubuntu24.04.3 server. Considering the threat model, this bug might be useless in most scenarios, but I still have fun learning about how those old devices work 😅 Maybe a small writeup after the patch?

itewqq@lyq_sqsp

Is a kernel OOB triggered from a PCIe device a vulnerability? 🤡 (AMD-SEV/Intel-TDX scenarios not considered)

English

9.9K

ZwClose@zwclose·16 Kas

@vxunderground I'm devil's advocate. Users hated the new Windows 95 interface. MS didn't back down. A few years later, no one even thought about going back to 3.11. Although AI is much more intrusive than UI, let's see what users say in a while.

English

183

vx-underground@vxunderground·16 Kas

Pavan Davuluri, Microsoft President who disabled comments when we (and everyone else) raised hell about Microsoft AI slop. Blah, blah, blah, you DO NOT listen to feedback or give a fuck about developers. You're lying. You keep shoving dog shit slop piss into the OS. Fuck Copilot Fuck Recall Fuck your Ads in the OS Fuck your AI developers Fuck Windows Defender Fuck your AI integrations Want to make people happy? Release a new version of Windows. I'm being completely serious - Windows slop fucking piece of shit edition - Windows with everything ripped out of it, no AI slop, no defender, no fancy UI. Make it Windows 7 or XP era UI. Even give it a dumb fuckin edgy name you guys like, like WINDOWS 11 DEVELOPER NANO CORE You'll have developers throwing money at your face begging for non slop edition

Pavan Davuluri@pavandavuluri

Hey Gergely, I am responding here, and I think this applies to a bunch of the comments that people have made. I mean, a lot of comments 🙂. The team (and I) take in a ton of feedback. We balance what we see in our product feedback systems with what we hear directly. They don’t always match, but both are important. I've read through the comments and see focus on things like reliability, performance, ease of use and more. But I want to spend a moment just on the point you are making, and I’ll boil it down, we care deeply about developers. We know we have work to do on the experience, both on the everyday usability, from inconsistent dialogs to power user experiences. When we meet as a team, we discuss these paint points and others in detail, because we want developers to choose Windows. We know words aren’t enough, it’s on us to continue improving and shipping. Would love to connect with you about what the team is doing to address these areas if you are open to it.

English

211

2.6K

187.1K

ZwClose retweetet

diversenok@diversenok_zero·11 Kas

I wanted to understand what information is available in .pdb files, so I made a tool for it 🔎🪲 Welcome DiaSymbolView - a debug symbol hierarchy and properties viewer based on MSDIA: github.com/diversenok/Dia…

English

187

15K

ZwClose@zwclose·10 Kas

I may be late to the party, but I didn't know about deepwiki.org, which looks really cool!

English

159

ZwClose@zwclose·25 Eyl

TIL that DMA remapping is not specific to the driver I was working on, but is part of Windows' protection against DMA attacks: learn.microsoft.com/en-us/windows-…

English

175

ZwClose@zwclose·23 Eyl

@PetrBenes @C5pider Why are you only counting unique annotations? I doubt you'll find 37,120 annotations by lifting uniqueness, but it's possible there will be more than 782.

English

Petr Beneš@PetrBenes·22 Eyl

@C5pider For a total of 37120 functions (+59372 methods in interfaces), yeah, I'd say only :)

English

203

Petr Beneš@PetrBenes·22 Eyl

In the whole Windows SDK there is only 782 unique SAL annotations. Thank you for your attention to this matter.

English

1.8K

ZwClose retweetet

Connor McGarr@33y0re·8 Eyl

Today I am releasing a new blog post on VSM "secure calls" + the SkBridge project to manually issue them!! This blog talks about how VTL 0 requests the services of VTL 1 and outlines common secure call patterns!!! Blog: connormcgarr.github.io/secure-calls-a… SkBridge: github.com/connormcgarr/S…

English

259

35.3K

ZwClose@zwclose·30 Ağu

@sixtyvividtails @_r_netsec 0xd2d28044 looks very weird, device code 0x2d2 doesn't belong to any constant from FILE_DEVICE_* list.

English

140

sixtyvividtails@sixtyvividtails·30 Ağu

@_r_netsec Analysis doesn't check out. Claims fail is on ExFreePool, but callstack in all 3 dumps shows fail on ExAcquireFastMutex. There's indeed "elastic_endpoint_driver", but with just tiny minidumps we can't confirm it's not tainted. EP: DeviceIoControl(ioctl=0xd2d28044, inSize=0x41).

English

278

/r/netsec@_r_netsec·29 Ağu

Elastic EDR 0-day: Part 2 - Technical Details and the Trigger ashes-cybersecurity.com/elastic-edr-0-…

English

ZwClose@zwclose·28 Ağu

@ericgeller I really doubt it's Anthropic PR report but is does read as Anthropic PR report :) Anyway, the Remote workers fraud part is just as impressive as the Vibe data extortion!

English

667

Eric Geller@ericgeller·27 Ağu

Anthropic says a hacker used its Claude chatbot "to an unprecedented degree": Claude identified vulnerable companies, wrote infostealer malware, analyzed stolen files for extortion purposes, calculated extortion amounts, and wrote extortion messages. nbcnews.com/tech/security/…

English

113

434

117.1K

Entdecken

@HaifeiLi @sixtyvividtails @pagedout_zine @artem_i_baranov @yo_yo_yo_jbo @FuzzySec @DebugPrivilege @lyq_sqsp