Ori Damari (@0xrepnz)
7K followers, 2K following, 76 media, 1K statuses
Low-level developer, reverse engineer, Windows kernel. Read my blog! 😋
nt!KiSwapThread
Joined May 2018
I wrote another post about the Windows APC mechanism. This time we'll explore the internals of user APCs in the Windows kernel in depth, from NtQueueApcThread to the APC routine in user mode. https://t.co/yjX1vJ5hQ4 Stay tuned for more posts about APCs and the Windows kernel 😋
https://t.co/Rewc1zcUsj
https://t.co/x6snoHZNFT Released my PoC, which earned me a $3,000 bug bounty.
readcc.net
Abusing DDMA alongside Copy On Write for Cross Process Code Execution leading to a $3,000 Bug Bounty.
Starting 2026 with a new blog! I've really been enjoying my Windows on ARM machine - so my post is about interrupts for WoA. This includes x64/ARM differences, virtual interrupts, Hyper-V's synthetic controller, and Secure Kernel interrupts/intercepts https://t.co/HvSbtsCtGu
connormcgarr.github.io
Interrupt discovery and delivery on Windows on ARM
CPLDCOMTrigger: Load DLLs remotely into memory using DCOM to achieve command execution for lateral movement https://t.co/PSglChKMxC
github.com
CPL remote trigger. Contribute to sud0Ru/CPLDCOMTrigger development by creating an account on GitHub.
My two cents (or rather, rants 😅) on UAC: In the XP era, programs were executed as admin by default, but the security best practice was, obviously, to let employees run as a non-admin user. The problem was that, because many users run with the default configuration,
Linux has finally ended the Rust experiment after years. The kernel is in a much better state this way. It seems the critics have finally won.
"Windows has a design flaw in driver validation. If certificate revocation checks fail or time out (which happens often), Windows assumes the certificate is fine and loads the driver anyway."🥴 source: https://t.co/bBM6KAmbGk
https://t.co/ExN8StWw8Z IOCs:
github.com
Sophos-originated indicators-of-compromise from published reports - sophoslabs/IoCs
The commercial packer that lets ransomware groups kill your EDR 😵💫HeartCrypt bundles ransomware with EDR-disabling drivers (many signed with revoked or stolen certificates) and keeps evolving as vendors chase it. Groups like MedusaLocker, RansomHub, and BlackSuit are already
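The quoted report describes the OS treating a failed or timed-out revocation check as a pass. The script below is an added example, not code from the report, from Sophos, or from the tweet author: it audits a driver's Authenticode signer with revocation checking forced online and treats "unknown" or "offline" revocation status as a rejection, the fail-closed policy the report says the driver loader does not apply. It assumes Windows PowerShell 5.1 or later, an elevated session, and a sample path under System32\drivers; the .NET X509Chain verdict is an auditing signal and not the path the kernel's Code Integrity takes when it decides whether to load a driver.

```powershell
using namespace System.Security.Cryptography.X509Certificates

function Test-DriverSignerRevocation {
    <#
      Added example: fail-closed revocation audit of a driver's signing certificate.
      Assumed default path; replace with the driver you are investigating.
    #>
    param(
        [Parameter(Mandatory = $false)]
        [string]$DriverPath = "$env:SystemRoot\System32\drivers\acpi.sys",
        [int]$TimeoutSeconds = 15
    )

    # Authenticode (embedded or catalog) signature state as Windows sees it.
    $sig = Get-AuthenticodeSignature -FilePath $DriverPath
    if ($sig.Status -ne 'Valid' -or -not $sig.SignerCertificate) {
        Write-Warning "$DriverPath : Authenticode status '$($sig.Status)', no trusted signer to check"
        return $null
    }

    # Rebuild the signer's chain with revocation checking forced ONLINE for the
    # whole chain, and with a short timeout so an unreachable CRL/OCSP responder
    # shows up as a status flag instead of being silently ignored.
    $chain = New-Object X509Chain
    $chain.ChainPolicy.RevocationMode      = [X509RevocationMode]::Online
    $chain.ChainPolicy.RevocationFlag      = [X509RevocationFlag]::EntireChain
    $chain.ChainPolicy.UrlRetrievalTimeout = [TimeSpan]::FromSeconds($TimeoutSeconds)

    $built = $chain.Build($sig.SignerCertificate)

    # Collapse every element's status into one flag set.
    $flags = [X509ChainStatusFlags]::NoError
    foreach ($s in $chain.ChainStatus) { $flags = $flags -bor $s.Status }

    $revoked  = ($flags -band [X509ChainStatusFlags]::Revoked) -ne 0
    # RevocationStatusUnknown / OfflineRevocation are exactly the "check failed
    # or timed out" cases; here they count as a failure (fail closed).
    $softFail = ($flags -band ([X509ChainStatusFlags]::RevocationStatusUnknown -bor
                               [X509ChainStatusFlags]::OfflineRevocation)) -ne 0

    [pscustomobject]@{
        Driver             = $DriverPath
        Signer             = $sig.SignerCertificate.Subject
        Thumbprint         = $sig.SignerCertificate.Thumbprint
        SignatureType      = $sig.SignatureType
        ChainBuilt         = $built
        Revoked            = $revoked
        RevocationSoftFail = $softFail
        ChainStatus        = $flags.ToString()
        Verdict            = $(if (-not $built -or $revoked -or $softFail) { 'REJECT (fail closed)' } else { 'OK' })
    }
}

# Usage: audit one driver, or every driver in the drivers directory.
Test-DriverSignerRevocation
Get-ChildItem "$env:SystemRoot\System32\drivers\*.sys" |
    ForEach-Object { Test-DriverSignerRevocation -DriverPath $_.FullName } |
    Where-Object { $_ -and $_.Verdict -ne 'OK' } |
    Format-Table Driver, Signer, ChainStatus, Verdict -AutoSize
```

Two caveats when reading the output. A signer certificate that was revoked after the driver was signed can still verify if the signature carries a trusted timestamp from before the revocation, so "Revoked" here is a prompt to look at the timestamp and the revocation reason, not an automatic verdict of malice. And because the loader's own decision is made by Code Integrity in the kernel, the practical mitigations for the behaviour the report describes are Microsoft's vulnerable driver blocklist (HVCI / Smart App Control) and your own driver allow-listing, not this user-mode check; the script is for finding what is already installed.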
TLDR; The PSF has made the decision to put our community and our shared diversity, equity, and inclusion values ahead of seeking $1.5M in new revenue. Please read and share. 🧵 https://t.co/laZQCbHWJU
pyfound.blogspot.com
In January 2025, the PSF submitted a proposal to the US government National Science Foundation under the Safety, Security, and Privacy of Op...
Today I am happy to release a new blog post about Pointer Authentication (PAC) on Windows ARM64! This post takes a look at the Windows implementation of PAC in both user-mode and kernel-mode. I must say, I have REALLY been enjoying Windows on ARM!! https://t.co/isnItJ0nb3
originhq.com
Enabling you to safely give AI agents the permissions they need, so they can give you the productivity you demand.
Just uploaded my RomHack slides about attack vectors against PsSetLoadImageNotifyRoutine and drivers that rely on it. Enjoy! https://t.co/LRYsCCm3nw
Understanding WdBoot (Windows Defender ELAM) TLDR; Explanation on how the Windows Defender ELAM Driver (WdBoot) works https://t.co/eLfItIRL5M
Unveiling the details of Windows VTL2, despite its absence in the MSDN documentation. 🤔 #hyperv #windows #virtualization https://t.co/zuqoobzoMV
Reverser friends, Gepetto has made huge leaps in the last weeks. I now consider it to be a decent IDA Pro agent. With zero interaction (gpt-5), it solved a crackme all on its own. I opened IDA, typed in the prompt, and it did everything.
Tomorrow at 5pm UTC Python: The Documentary produced by @CultRepo premieres on YouTube! 🎬🐍 From a side project in Amsterdam to a language shaping the world— discover the story of #Python. Featuring @gvanrossum & many more! https://t.co/jx4xUVsyuf
Have you ever wondered what happens if we break compiler conventions? I was able to obfuscate the control flow of a program and hide code by modifying non-volatile registers to modify the behavior of library code. https://t.co/PeWCPzcsR7
blog.elmo.sg
Breaking compiler conventions to hide code and obfuscate control flow by modifying non-volatile registers.
Get the scoop on the incoming Administrator Protection for Windows 11. @_xpn_ covers the architecture, access controls, and why some legacy UAC bypass techniques remain effective in his latest blog post. ⤵️
specterops.io
Microsoft will be introducing Administrator Protection into Windows 11. This post explores security considerations for red teamers.
Have you ever wondered what the main sources of Windows vulns in kernel mode are? I went through Microsoft's CVE portal over the past three years to find out which Windows kernel-mode components have been patched most frequently, consuming the company's resources. https://t.co/7jzKh4C4AY
aibaranov.github.io
Examining the statistics on the most frequently patched Windows drivers between January 2022 and May 2025
Microsoft has created its own vim for Windows. Edit on Windows is a new open source command line text editor that enables developers to edit files directly in the command line, without having to switch to another app or window
theverge.com
Microsoft made its own vim.
Very proud to announce that the Windows Subsystem for Linux is now open source! https://t.co/2yJVi2Xc6U
blogs.windows.com
Today we’re very excited to announce the open-source release of the Windows Subsystem for Linux. This is the result of a multiyear effort to prepare for this, and a great closure to the first ever...
A cool project on an undocumented feature in the Windows kernel. I partially researched it some time ago, but unfortunately, it seems that it's locked for Microsoft usage only. My reversing notes: https://t.co/kVjXNmLsGr
gist.github.com
Here it is: https://t.co/fVDwsTlSTc my research on Alternate Syscalls for Windows 11! There are still a few other facets to explore, but this is stable and PatchGuard resistant (from my tests!) #blueteam #redteam #computing #securityresearch #cyber #infosec #cybersec #malware