I've long been interested in how EDRs work under the hood and how we can apply a more evidence-based approach to evasion. I'm happy to announce that I've written a book covering these topics with @nostarch which is now available for preorder 🎉.

RT @PreludeResearch: Join us in Islander E-I for @33y0re’s talk on KCFG AND KCET internals #BHUSA . .

I’ll be around all day so come say hi if you see me! I’m hiring security researchers and developers.

Two years ago, I left red teaming for a new challenge in endpoint security. I'm humbled by the incredible team we've built and so proud to share this research preview of our work. It’s an idea I believe in deeply, and I can’t wait for what’s ahead. 🖤.

RT @33y0re: I am excited to say my talk at @BlackHatEvents USA 2025 was accepted where I will be sharing my recent research on kernel-mode….

RT @0xdab0: RUST WINDOWS DOCS MCP. If you've ever done Rust dev with the windows crate, you know it's painful because it makes up API calls….

We're also looking for software engineers to join the team. Rust and Windows development experience are a strong plus. US/Canada preferred but willing to flex for the right person.

RT @standa_t: The new blog post on supervisor shadow stack restrictions / supervisor shadow-stack control.

The team at @PreludeResearch is looking for Windows internals researchers, reverse engineers, and people passionate about rethinking how we combat modern adversaries. Join us!

RT @33y0re: Today I’m sharing a blog post on the implementation of kernel mode shadow stacks on Windows! This post covers actively debuggin….

RT @elasticseclabs: We’re adding a new section to @elastic’s HackerOne Bounty Program! Today, we’re opening our SIEM and EDR rules for test….

We’re going to start doing some more informal hangouts in our @discord server and figured we’d host the first as everyone starts winding down for the year. I hope you can join us to talk shop and share what youve learned this year 🙏.

This year's bundle has an amazing selection and I'm so excited to see Evading EDR included. If you haven't picked up a copy, now is a great time to get one 🎁.

RT @clintgibler: 🔬 Applying Test-Driven Development to Detection Engineering. @matterpreter describes applying TDD principles to detection….

RT @preludeorg: It's time to overcome manual efforts when it comes to purple teaming🚫. Next week—join @matterpreter at the @SANSInstitute….

RT @preludeorg: Test-driven development—not just for software engineering. @matterpreter breaks down how applying this logic streamlines….

RT @33y0re: I am very happy to have presented my talk "Redefining Security Boundaries: Unveiling Hypervisor-Backed Security Features For Wi….

RT @aall86: Here you go. Italian trip gift :-) @_0xDeku, @yarden_shafir and the others. .

So pumped to have Max on the team😈🖤.

RT @tifkin_: Really happy to see that Ghidra 11.2 has a built-in option for VS code now. Checkout the  VSCodeProjectScript script to set i….

RT @preludeorg: When security teams need certainty, opaque logic stands in the way of understanding how their #EDRs respond to threats. Wha….