We're super proud of this work - it took a lot of poking around in Windows Internals and a huge effort from Engineering to fix all these issues. Many thanks to all who worked on these :).

As many of these exploit differences in CreateFile and MUTZ, we've duplicated some of the behavior in CreateFile. This should help prevent similar bypasses in the future. We're planning on releasing more info about this research over the coming months, so stay tuned!.

This week's Patch Tuesday included 8 CVEs that @rohitwas and I found! . We've been focusing on findings ways to bypass MapUrlToZone and found several very interesting ways to confuse it. This is an API we've seen a lot of interest in lately, so good to have it locked down!

RT @msftsecresponse: To help protect against NTLM relay attacks, we’ve enabled Extended Protection for Authentication (EPA) by default in W….

When I started I honestly didn't think I would ever find a CVE, so it's cool to get all the way up to 50!.

My 50th CVE came out in today's Patch Tuesday! CVE-2024-38240 is the last of some hardening we've been doing in a Windows service, and CVE-2024-38252/CVE-2024-38253 are two proactive efforts we worked on with some static analysis friends :).

RT @dragosr: CanSecWest Presentation:. Rolling in the Dough: How Microsoft Identified and Remediated a Baker’s Dozen of Security Threats in….

I'm hoping to give a conference talk/blog post on the DNS Admin research, methodology, and fix process we've been doing soon(ish), so stay tuned!.

Yesterday's Patch Tuesday saw the release of 10 CVEs I found in DNS! These could potentially allow an authenticated attacker to gain remote code execution. A huge thank you to the DNS team who worked through and fixed these.

Forget buffaloes, the longest grammatically correct sentence using one repeating word is "sudo sudo sudo sudo sudo sudo sudo sudo sudo".

Yesterday, a vulnerability in DNS I found was patched: Thanks to the DNS team for working through this one!.

Tuesday saw the release of fixes for four vulnerabilities I discovered (CVE-2022-26801, CVE-2022-26802, CVE-2022-26803, CVE-2022-24536). Go check them out!

RT @DistributedDave: It's long been assumed that there are no nontrivial reflected amplification attacks using TCP—prior attacks are UDP or….

Talk from #BlueHatIL is live! Had such an awesome experience

RT @n0x08: - I should point out that many of the #BlueHatIL talks are up online here including my personal favorite….

Just posted our slides from BlueHat IL 2020 at Huge thank you to @tom41sh and the rest of the BlueHat team, we were really honored to be there :).

RT @OhadMZ: Very interesting session at #bluehatil about evading nation-state #censorship with AI methods (#Geneva project). Implanted alre….

RT @n0x08: Groundbreaking research being presented today at #BlueHatIL. TheMentor comes to mind: “We seek.after knowledge and you call us….

RT @BlueHatIL: The wait is finally over! Registration & schedule for #BlueHatIL 2020 are live. Places are limited so register NOW: https://….

Can't wait to present Geneva in a couple weeks at @BlueHatIL! .