mattless_

Excellent writeup on Windows kernel vulnerable drivers and how to identify them Takahiro Haruyama (@VMware) blogs.vmware.com/security/2023/… #cybersecurity #Windows

Just published our (8th) annual: "The Mac Malware of <Year>" white paper: objective-see.org/blog/blog_0x77… It's a technical deep dive into every new macOS malware specimen of 2023, detailing: 💉 Infection 💾 Persistence 📡 Capabilities ...plus samples, detections, & more! 👾🍎💻

@zodiacon Not a full book, but some idea for chapters might be RPC, ALPC, DCOM, performance analysis

As "Windows Kernel Programming, second edition" is essentially done, any requests for a book that you think may be missing in the Windows low-level/security/API/etc. space?

Microsoft ○ く|)へ 〉 ￣￣┗┓ Windows 7 & 8.1 ┗┓　 ヾ○ｼ 　　 ┗┓ ヘ/ 　 　 　 ┗┓ノ 　 　 　 　 　 ┗┓

@KevinNaughtonJr a classic

my typical day at Google as a software engineer: - get stuck on something - open an internal doc to get help - read first paragraph and open 3 other docs that are linked to - start reading 2nd doc's first paragraph and open 7 more internal doc links - cry

Got my copy!

@sk3wl @ilfak any spoiler on the release? 🙂

Super excited to be starting work on the 3rd edition of "The Ida Pro Book" @ilfak #IDA #HexRays

you’ll never end learning #windows

@lcavallaro & I are thrilled to announce “Benefits and Outlook of Program Analysis for Systems Security”. This COSE special issue seeks technical & vision papers capitalizing on the rich cross-pollination ongoing among Computer Security, PL, and SE research. RTs appreciated! ▶️🧵

#github is the new #instagram

Alternative way of letting #msdt execute stuff without the usual cmdline (@harr0ey) gist.github.com/homjxi0e/3f352…

The rtf format of the “ms-msdt” 0day is using the URL Monkier to load and run the IE engine, which does remind me of my own presentation years ago. Same/similar bug, different paths. sites.google.com/site/zerodayre… #youneverreallyknowCOM

The "PCW.debugreport.xml" file inside %localappdata%\Diagnostics and %localappdata%\ElevatedDiagnostics (for elevated instances) is generated when executing the #follina thingy and it contains the payload. Maybe good for #dfir Did anyone look into this?

@DebugPrivilege It’s painful when working with binary data

I’d like to suggest to #Conti devs the existence of IWbemServices::ExecMethod without the need of #wmic docs.microsoft.com/en-us/windows/… #ContiLeaks

This blog post sums up my yearlong Windows Drivers research, detailing my own methodology for reverse engineering drivers, finding possible vulnerabilities, and understanding their exploitability: voidsec.com/windows-driver…

Some time ago, I wrote a proof-of-concept implant framework called Shlyuz that took some design cues from the CIA Assassin implant framework as described in #vault7. I'm happy to finally be able to share it with the world; but first, some background: und3rf10w.github.io/posts/2022/01/…

linux: “everything is a file” windows: “everything is a COM object”

Such a marvelous conf. An icebreaker opportunity for me since it was my first time as a speaker. If you are curious go take a look at our talk. @dcdelia

💡 Bit of advice for #ransomware devs... Use SetFilePointerEx, 🛑 NOT 🛑 SetFilePointer. Don't be like AvosLocker, who fuck up tons of data in the middle of 4GB+ files because they ignore the high move value and return... Pays to read the damn documentation. 📚