iPower

547 posts

@iPowerPower

Just a guy who likes anime, fighting games, hypervisors and reverse engineering. Member of @the_secret_club. Do not DM me about game cheats.

Joined April 2020
144 Following · 1.9K Followers
Pinned Tweet
iPower @iPowerPower
While researching @kaspersky's components, I've decided to write a fun project that makes possible hooking system calls from your own driver by interfacing with its hypervisor: github.com/iPower/Kaspers…
iPower retweeted
Maurice Heumann @momo5502
I'm adding Hyper-V (using the Windows Hypervisor Platform) as an emulation backend for Sogen, my Windows userspace emulator: While providing slightly less analytical functionality, it should be a game changer in terms of speed 🥳 sogen.dev
iPower retweeted
Alexandre Becholey @0xabe_io
Started a blog series on writing a minimal ARM hypervisor from scratch — boots as a UEFI app, claims EL2, identity-maps everything through Stage 2. Chapter 0 just dropped: ARM vs x86 virtualization, UEFI internals, EDK2 setup, first app at EL2. 0xabe.io/hypervisor/arm…
iPower retweeted
Daax @daaximus
Dropping some tooling to assist with Windows RE (or any really); bulk download modules across all versions, search for call chains from references, immediates, instructions, etc. Has been useful for mass-analysis, cross-version diffing, variant analysis, and just generally locating candidates for more thorough investigation (ioctl dispatch, rpc handlers/chains, what functions eventually call a desired target). github.com/daaximus/ida-r…
iPower retweeted
Justas Masiulis @JustasMasiulis
TIL FILE_READ_ACCESS is not mandatory to map a SEC_IMAGE into memory.
iPower retweeted
Gynvael Coldwind @gynvael
My new hobby: Asking AI the same question over and over again, and looking at the results. Here's an example - I've asked gemini-2.5-flash 100 times to add two large numbers. It's really undecided. The correct answer is not there btw.
iPower retweeted
Steve @processhacker
Yeah, @Google my primary email created in 2004 and used daily for 22 years is a bot? I'm now locked out of +450 other websites including my bank, work and github which use it for MFA and have to wait several days before a human reviews the appeal?🤔🤢
iPower retweeted
diversenok @diversenok_zero
My new blog post 🥳 "Improving AFD Socket Visibility for Windows Forensics & Troubleshooting". It discusses the low-level API under Winsock (IOCTLs on \Device\Afd handles) and explores the workings of the new socket inspection feature in System Informer 🔥 huntandhackett.com/blog/improving…
iPower retweeted
es3n1n @es3n1n
OK, it's finally done: the improved version of no-defender, a tool that interacts with the WSC API to disable Windows Defender the way Microsoft intended it. github.com/es3n1n/defendn…
iPower retweeted
Alan Sguigna @AlanSguigna
Good news! The recording of our talk at @reconmtl 2024, JTAG debug of Windows Hyper-V / Secure Kernel with WinDbg and DCI/EXDI, presented together with @ivanrouzanov, is now available on YouTube: youtube.com/watch?v=YKFXWs…. Turn on subtitles.
iPower retweeted
Alan Sguigna @AlanSguigna
Intel E-cores behave differently in virtual machines than P-cores. This plays an important role in debugging hypervisor technology within heterogeneous systems. See my article, The Mysterious Behavior of the Intel E-cores, here: asset-intertech.com/resources/blog…
iPower retweeted
BINARLY🔬 @binarly_io
Some exciting research to share from Binarly REsearchers @cci_forensics and @pagabuc -- a novel approach to UEFI bootkit detection. 🔥Read the technical paper: "UEFI Bootkit Hunting: In-Depth Search for Unique Code Behavior" 👉 binarly.io/blog/uefi-boot…
iPower retweeted
Djordje Todorovic @djtodoro
Check out github.com/djolertrk/kovi… - a collection of LLVM and GCC plugins for code obfuscation. It is free and open source. I will be adding more plugins that represent different obfuscation techniques.
iPower retweeted
Satoshi Tanda @standa_t
Added AMD support to hvext, the WinDbg extension for reversing Hyper-V! github.com/tandasat/hvext You can easily check what SVM features are enabled, which MSRs and IO ports are accessible, and what the nested page table looks like, for NT, SK and regular VMs.
iPower retweeted
GuidedHacking @GuidedHacking
In the latest and greatest episode of the Guided Hacking Podcast we had the unique honor of interviewing the Titan of Anti-Cheat: @0xNemi Learn the story behind his prodigious rise to power through the DoD, Blizzard, Riot Games, Byfron and Roblox. 👉youtu.be/6xET66eitYY
iPower retweeted
x86matthew @x86matthew
I created a hypervisor-based emulator for Windows x64 binaries. This project uses Windows Hypervisor Platform to build a virtualized user-mode environment, allowing syscalls and memory accesses to be logged or intercepted. elastic.co/security-labs/… Project: github.com/x86matthew/Win…