0x0A1D

New blog about using DCI with WinDbg and debugging SMM code standa-note.blogspot.com/2021/03/debugg… Plus, accompanying my first kernel-to-SMM LPE exploit & demo github.com/tandasat/SmmEx…

I have not forgotten about the book! Chapter 11 is finally out! leanpub.com/windowskernelp…

New updates on Platbox (github.com/IOActive/Platb…): - Code refactored into an easy to use lib - New features to interact with the SPI controller - New checks over the SPI locks - Fixed some bugs Stay tuned for upcoming vuln writeups! @IoaLabs @IOActive @droogie1xp @exminium

llm-security Dropbox LLM Security research code and results github.com/dropbox/llm-se… #cybersecurity #infosec

FwHunt The Binarly Firmware Hunt (FwHunt) rule format was designed to scan for known vulnerabilities in UEFI firmware. github.com/binarly-io/FwH… #cybersecurity #infosec #pentesting

BREAD BIOS #Reverse Engineering & Advanced Debugger is an 'injectable' real-mode x86 debugger that can debug arbitrary real-mode code (on real HW) from another PC via serial cable. github.com/Theldus/bread #cybersecurity #infosec #pentesting

Did Intel add *167+13 pseudo-random access pattern into their L2 prefetcher in new CPUs (TGL+) to confuse researchers exploiting cache side channel? Here're hit tables for *167+13 and true random accesses of 0x10000 iterations measuring fully uncached array

Yeah, let me just scrape the SOC to expose JTAG pads on the package…

We updated our comprehensive blog on ransomware-as-a-service with information on recently observed activities from DEV-0193 (Trickbot LLC), DEV-0504, DEV-0237, and DEV-0401, and a new section on Qakbot campaigns that lead to ransomware deployments: msft.it/6013bWxOf

Invoke-DLLClone aka Koppeling x Metatwin x LazySign Invoke-DllClone can copy metadata and the sig from a source binary and It also uses koppeling to clone the export table from a refference dll onto a malicious DLL github.com/jfmaes/Invoke-…

Turdshovel 0.3 is out. Added some autocompletion to the dump type command, and added a dump stat command to print out counts for .NET types. Peep the README. Ayyyyyyy. 💩💩💩 github.com/daddycocoaman/… github.com/daddycocoaman/… github.com/daddycocoaman/…

As far as I know this is the first public PoC (just triggers the vuln) for FORCEDENTRY (CVE-2021-30860) github.com/jeffssh/CVE-20…. Will eventually publish the code to create this PDF. Amazing blogpost by Project Zero on the issue/exploit: googleprojectzero.blogspot.com/2021/12/a-deep…

Hello twitter, since it's christmas and everybody get's a present I thought of giving one too: I finish part one of analysing browser process up to the point where we have the renderer starting , how you can attach to it and where to bp to debug it. Enjoy github.com/SpiralBL0CK/Br…

Web Cache Vuln Scanner github.com/Hackmanit/Web-… (I was actually making the same tool...😫 I should throw away mine😁)

@bsmtiam www2.futureware.at/~philipp/ssd/T…

Latest Windows 10 is still vulnerable to this DoS bug. Here is the POC on github. github.com/waleedassar/Ke…

Do you like GEF (or modified GDB) but want decompilation? Check out my new GEF plugin to sync symbols on-the-fly and correlate decompilation with any decompiler (IDA currently supported): github.com/mahaloz/decomp…

This semester I decided to do an independent study, which is a semester-long project that counts for credits like a class would. My project is a kernel exploit for CVE-2021-30807 + a writeup. I just finished the exploit and popped 14.6 and 14.7 on my phones, writeup eta son