New research from @jdu2600: a clean loader-lock escape using the PEB's PostProcessInitRoutine. Read the analysis and PoC code 📃

Just uploaded my RomHack slides about attack vectors against PsSetLoadImageNotifyRoutine and drivers that rely on it. Enjoy! https://t.co/LRYsCCm3nw

I've been researching the Microsoft cloud for almost 7 years now. A few months ago that research resulted in the most impactful vulnerability I will probably ever find: a token validation flaw allowing me to get Global Admin in any Entra ID tenant. Blog:

I’ll be around if anyone wants to chat about endpoint security.

Announcing our whitepaper on the future of endpoint security. https://t.co/NogsQiku9B

I'm happy to finally release NovaHypervisor! NovaHypervisor is a defensive hypervisor with the goal of protecting AV/EDR vendors and crucial kernel structures that are currently uncovered by VBS and PatchGuard. Full explanation below 1/6. https://t.co/BGszXQ0Oi6

An increased visibility into threads' call stacks helps with more reliable malware detection. The approach is based on ETW telemetry and module's Export Directory data for information enrichment. A post by John Uhlmann of @elasticseclabs. Great read! #redteam #blueteam #maldev

@dwizzzleMSFT @Laughing_Mantis @HuntressLabs We’ve been trying to join MVI for years, but don’t get accepted because we don’t delete malware from endpoints. Super frustrating. We’re deployed on over a million endpoints and want to stick to best practices.

Dive deep into malware detection with the latest article by John Uhlmann: "Call Stacks: No More Free Passes for Malware." Discover how call stacks provide vital insights into malware behavior. Read more:

ATT&CK never felt quite right to me. I originally thought it was just that the taxonomy was incomplete. Then @jaredcatkinson framed my misgivings as a missing dimension and it just clicked.

Zero Trust and EDR Tier list rated by nation-state funded AI catgirls. ranked by amount of snake oil in product

Yarden Shafir (@yarden_shafir) is back for Offensivecon 2025 🤩 Sign up now to the Windows Internals Training. *Training tickets also guarantee first slots in the waiting list for conference tickets. https://t.co/IHEJpY5RsZ

The @wisporg board is coming together to determine our top priorities for 2025 - YOU get to instruct us on what you would like those priorities to be! Need more scholarships, cons, exams/certs, mentors, events, or something else? Tell us your needs! https://t.co/oenmAuXR4X

New blog from me on using CLR customizations to improve the OPSEC of your .NET execution harness. This includes a novel AMSI bypass that I identified in 2023. By taking control of CLR assembly loads, we can load assemblies from memory with no AMSI scan.

Behold this magnificent and ridiculously photogenic crew, tasked with choosing the speakers for the upcoming BlueHat IL conference. Ready to wow them with your pitch-perfect abstract? Of course, you do - so why wait, submit it today: https://t.co/Rl8t6wIqDR

Our talk at #BHEU is done! Hope you all enjoyed it. 😉 A detailed blog is on the way, but in the meantime, check out the pre-alpha website https://t.co/lGRfqhmcVK for early access and the slides! Huge thanks to @BlackHatEvents and my awesome co-presenter @_splitline_! 🐈‍

In our search for new forensic artifacts at @ExaTrack, we sometimes deep dive into Windows Internals. This one is about COM and interacting with remote objects using a custom python LRPC Client. STUBborn: Activate and call DCOM objects without proxy:

Exciting news! I’m starting X-Force’s new offensive research team (XOR) and hiring a security researcher. Want to work with researchers (like @FuzzySec and I) to find bugs, exploit popular targets, and share your work? Apply for this unique (remote) role 😊 https://t.co/mlVBYdGCcF

We have good news for those who missed out on our Advanced Detection Engineering in the Enterprise training at Black Hat US. Our ADE training is coming to Black Hat Asia 2025, in Singapore! Registration is open! Information and registration: https://t.co/diT6aJKLp5

It’s wonderful to see what @XenoKovah and his collaborators have built for the community. I always recommend OST2 for my new hires and other juniors, or just anyone trying to get started on a new topic. The courses are excellent. It’s an honor to sponsor the Windows Security Path