Andrew Ruddick

A video of the talk I gave at BlackHat Europe ‘Exploring a New Class of Kernel Exploit Primitive’ has been posted here: youtu.be/uqWiZXMh8TI

This is a good resource on how to use github.com/0vercl0k/wtf to find bugs in Microsoft's Defender Malware Protection Engine 🔥: labs.infoguard.ch/posts/attackin… by Manuel Feifel

Very proud to announce that the Windows Subsystem for Linux is now open source! blogs.windows.com/windowsdevelop…

My team just dropped Post-Quantum Cryptography to Windows Insiders and Microsoft Linux!! Yes, it’s open source techcommunity.microsoft.com/blog/microsoft…

A pre-auth remote DoS in the Windows kernel SMB stack I found was patched today under CVE-2024-43642: msrc.microsoft.com/update-guide/v…

Had my first serious play with a fuzzer. 9 CVEs went out today for issues I found with that in SQL Server’s Native Scoring feature. Those include arbitrary pointer execution, UAF and OOB memory accesses. msrc.microsoft.com/update-guide/v…

Big changes to one of the most targeted attack surface in Windows - techcommunity.microsoft.com/t5/security-co…

Microsoft identified a North Korean threat actor exploiting a zero-day vulnerability in Chromium (CVE-2024-7971) to gain remote code execution. Our assessment of ongoing analysis and observed infrastructure attributes this activity to Citrine Sleet. msft.it/6010l7S6w

Quantum computers could imperil the security of confidential electronic information, such as emails. To counter this threat, NIST has finalized its set of three encryption algorithms designed to withstand a future quantum computer’s cyberattacks: nist.gov/news-events/ne…

My new blog - Helping our customers through the CrowdStrike outage blogs.microsoft.com/blog/2024/07/2…

MORSE is growing. I'm building a team in the UK which will focus on Windows VR. Hiring lead and IC roles. Can be 100% remote in the UK or go into the office if you want. jobs.careers.microsoft.com/global/en/job/… jobs.careers.microsoft.com/global/en/job/… jobs.careers.microsoft.com/global/en/job/…

New blog on VBS enclaves on Windows 11 just dropped: techcommunity.microsoft.com/t5/windows-os-…

Excited to share my latest article: PgC - a novel approach to disable Patchguard during runtime using basic memory management principles. It has worked against every version of Patchguard for the last 7 years, without needing any updates! blog.can.ac/2024/06/28/pgc…

New blog announcing new security capabilities for Windows 11 at #BUILD microsoft.com/en-us/security…

@jo42636195 It’s open again now

@arudd1ck Hey, I only just saw his ad and it looks like you're no longer accepting applications - is it likely you'll advertise for more/unfreeze soon?

We’re hiring in the UK. If you have skills and want to hack cool stuff, come join us: jobs.careers.microsoft.com/global/en/job/…

We just prioritised Security above all else, including new feature development. This is an awesome chance to help us make real security improvements from the inside (hint: we’re still hiring). 😉

🔺New on the Apple Security Research blog: introducing PQ3, a groundbreaking post-quantum cryptographic protocol for iMessage. To our knowledge, PQ3 has the strongest security properties of any at-scale messaging protocol in the world. security.apple.com/blog/imessage-…

Windows Kernel Team is hiring: lnkd.in/d_Qxfdvw lnkd.in/dqGN-ViC lnkd.in/dnKt7xrv lnkd.in/gajwYgjw Come and join the OS group! :-)

Write up of the HVCI bypass vuln (CVE-2024-21305) with @aall86 ! tandasat.github.io/blog/2024/01/1…

learn.microsoft.com/en-us/windows-… This is a great article, even for non super-technical audience :-) Happy New Year folks!