RT @_winterknife_: TIL: If you disable DSE by modifying nt!g_CiOptions to load an unsigned kernel driver, it will be logged :) https://t.co….

RT @sixtyvividtails: Microsoft put C:\inetpub junk there for a reason 🫠.CVE-2025-21204 #greatfix

Getting code execution in a process that cannot be located using traditional kernel APIs and is untouchable from usermode? All while staying PatchGuard-friendly?. Sign me up:

Dug into @RiotVanguard's kernel driver's dispatch table hooks. The article took an unexpected turn half way through, as I found some not yet documented stuff, such as the complete list of system calls hooked by the driver. Article link:.

ETW is an incredibly powerful tool in the wrong hands. Just finished writing about how it allows drivers to hook context switches on Windows 11 24H2 while remaining PatchGuard and HVCI compatible:

Hooking context switches on 24H2 like InfinityHook did in the old days. My first writeup's coming soon 😊

RT @virtuallyfun: Is it me or does it look like the crowdstrike driver is loading arbitrary binary files into kernel space and executing th….

Turns out if you bp nt!MiCopyFromUntrustedMemory, you prevent WinDbg from working at all

yooo why vgk.sys tryna query KVM clocks, I ain't even running the riot client 😭😭😭.#valorant #vanguard

RT @endermanch: Ever wondered how those custom loaders work?. They're native user-mode applications running under SMSS — «BootExecute appli….

RT @luciascarlet: just updated Windows what the FUCK is this

#HoloCure modding has made a lot of advances in 2023, and it's now possible to mod the official YYC versions. Most of the currently worked-on projects are listed in this Reddit thread on the official subreddit: 2024 will hopefully bring even more mods.

so apparently it's possible to delete files that are in-use in Windows - nuking the entire C:\Windows folder was a bad idea😅. i wonder what happens if this runs during the windows setup🤔 @endermanch

RT @endermanch: The Anti-AntiAdblocker uBlock Origin filter to get rid of the annoying YouTube message. It turns off the JavaScript anti-ad….

RT @yarden_shafir: 170 of the drivers load with the most recent HVCI driver blocklist. Do with this information wha….

RT @NTDEV_: hehe

RT @gf_256: Amazing how many problems you can solve on Windows by killing dllhost. Its almost like COM was a mistake.

RT @jessicammoss: Who else copy/pastes text into Notepad and then copy/pastes the same text back into their original app just to remove for….

RT @gf_256: trying this radical productivity hack where i simply DO NOT LOOK AT TWITTER.

RT @gf_256: Lol not even surprised. That driver mhyprot2.sys is absolutely cooked.