Good Morning! Just published a blog post analyzing Hyper-V functionality, design, and key binaries, hvix64.exe (hypervisor), securekernel.exe (secure kernel), and winload.dll (boot-time loader and CPU check).

Good Morning! Just published a blog post diving into Windows Kernel LFH exploitation in the latest Windows 24h2 build, Focusing on controlled allocations to achieve arbitrary read/write in the kernel.

Generate videos in just a few seconds. Try Grok Imagine, free for a limited time.

Good morning! Just published a blog post diving into Windows Kernel Pool internals: basics, memory allocation functions, internal structures, and how Segment Heap, LFH, and VS work.

Just published a blog post exploring junk code engines used in polymorphic malware. Part one covers ETG by Z0MBiE (32-bit). Part two introduces TrashFormer, my 64-bit implementation. Both fully written in assembly.

Good morning! Just published a deep dive into PatchGuard internals: how it works, key internal functions, context init, and possible bypasses.

Good morning! I just published a blog post about a KASLR bypass that works on modern Windows 11 versions. It leverages Intel CPU cache timings to exfiltrate the base address of ntoskrnl.exe. I hope you like it!.

RT @ProteasWang: `CVE-2025-24203`: hierarchy of vm_object_t when changing `MAP_SHARED` to `MAP_PRIVATE`. The topmost object has its own phy….

RT @horsicq: obfus.h is the powerfull compile-time obfuscator for C (win32/64). Supports virtualization, anti-debugging, control flow obfus….

Just dropped a blog post on NtQuerySystemInformation changes that killed an old kASLR bypass. Added some internals research too, pre & post 24H2. Check it out!.

RT @daaximus: Unlock forbidden Windows knowledge! 🤫💻.Find the PEB through truly undetected means and pop calculator 💥.The non-golf form wil….

New blog post out! I cover two SMEP bypass techniques in the Windows Kernel: one using a Write-What-Where to flip the U/S bit in the PTE, and another via type confusion with ROP and stack pivoting. Check it out!.

I've just published a new blog post where I explain various Shellcoding techniques in the Windows Kernel. There's also a GitHub repo with the code used. Hope you enjoy it!.

RT @slowerzs: Think HVCI and kCET mean the end of kernel code execution? I wrote a blogpost exploring an alternative way to execute a kerne….

RT @2ourc3: Write-up of my v8 bug: Critical type confusion in V8's Turboshaft compiler allowed stale pointers to bypass GC, leading to expl….

RT @xvonfers:

RT @xvonfers: Better domatolpm generation:.Add a notification_service domatolpm MojoJS fuzzer:..

RT @cffsmith: I’m very excited to announce that we at V8 Security have finally published our first version of Fuzzilli that understands Was….

RT @33y0re: Today I’m sharing a blog post on the implementation of kernel mode shadow stacks on Windows! This post covers actively debuggin….

RT @DebugPrivilege: For the hardcore reverse engineers and malware analysts out there, my ex-colleague just dropped a deep dive into 'Scatt….

RT @x86matthew: I created a hypervisor-based emulator for Windows x64 binaries. This project uses Windows Hypervisor Platform to build a vi….