Joined June 2013
hex nomad retweeted
23 Aug 2024
Introduction to Windows Cryptographic Services RCE CVE-2024-29050 v-v.space/2024/08/23/CVE-202…

hex nomad retweeted
22 Aug 2024
Micropatches were released for Windows Cryptographic Services Remote Code Execution Vulnerability (CVE-2024-29050)
hex nomad retweeted
30 Jul 2024
I’m thrilled to share my latest blog post! This one focuses on the bug hunting process: inspiration, approach, and execution. I also provide a retrospective on how the bug was introduced and analyze the insufficient “patch”. Check it out: securityintelligence.com/x-f…
hex nomad retweeted
In the wake of the CrowdStrike crash event, some interesting articles have been published that explore some perspectives of security vendors in the Windows kernel. I penned a blog for another perspective. @Sean_Endicott_ @happygeek @AndrewWrites fieldeffect.com/blog/the-bra…

hex nomad retweeted
My take on this: “… appears to be starting a conversation about…” is corporate speak for “there’s nothing we can do about this and we’re waiting this out”. There’s currently no alternative to running Windows EDRs in kernel mode and there’s not going to be one any time soon.
via @verge – due to the recent CrowdStrike incident, Microsoft is discussing migrating security products away from the Windows kernel and into other spaces such as VBS Enclaves or Microsoft Azure Attestation. CrowdStrike accidentally leveled the playing field for Threat Actors
hex nomad retweeted
After over a decade in cybersecurity I sometimes forget that a lot of tech probably has never heard of CrowdStrike (as is now apparent by all the posts). You’ve probably also not heard of @fieldeffectsoft, so here is your chance (no, I don’t work for them): fieldeffect.com/blog/recover…

hex nomad retweeted
Maybe companies shouldn’t have gotten rid of QA teams because “devs can write unit tests and that’s basically the same thing”?
hex nomad retweeted
19 Jul 2024
kernel driver dev is hard!! this is why the osr guys are so mean
hex nomad retweeted
RCE in SSH, this is a thing of beauty qualys.com/2024/07/01/cve-20…

hex nomad retweeted
Thanks to everyone who attended my @reconmtl and @BlueHatIL talks! The exploit and slides are here: github.com/gabriellandau/Its… If you took any photos during either of the talks, please share them here. Also, please don't hesitate to stop me to say hi!
hex nomad retweeted
When embarking on a new vulnerability research project it is important to perform extensive background research into the area to gather as much info as possible to supplement and guide @j00ru describes these learning resources for the Windows Registry: googleprojectzero.blogspot.c…
28 Jun 2024
Sassy, tongue-in-cheek, but honest recounting of the recent Mitre MDR evaluations:
Very happy to share some thoughts and an inside look at the Field Effect experience of our first participation in a MITRE Engenuity ATT&CK Managed Services Evaluation. So proud of the team, details here: fieldeffect.com/blog/recover…
hex nomad retweeted
The cynic in me is saying that if you are a secret agent on a counterterrorism mission, it's kinda your job not to have your secret equipment confiscated by the mall cop on the segway, so I think the lady doth protest too much. (Random subtweet)
hex nomad retweeted
New blog post "Google: Stop Burning Counterterrorism Operations" My reflection on an incident where Project Zero and TAG knowingly shut down an active Western counterterrorism cyber operation, and the real-world harm that could have resulted from it. poppopret.org/2024/06/24/goo…
hex nomad retweeted
New Project Zero blog post by Sergei Glazunov and Mark Brand: Project Naptime: Evaluating Offensive Security Capabilities of Large Language Models googleprojectzero.blogspot.c…
14 Jun 2024
Great bug, great talk! I’m sure I’m not the only one who looked at the binder code and missed this :)
Attacking Android Binder: Analysis and Exploitation of CVE-2023-20938 An article by @abc_sup, Gulshan Singh, and @vxradius about exploiting a vulnerability in the Android Binder device driver that leads to a slab use-after-free. androidoffsec.withgoogle.com…
hex nomad retweeted
Replying to @guhe120
This happened. It turns out maintaining consistency at 4x-6x the previous volume is a really hard problem. Honestly, a misc CVE field is the least of my worries- inconsistencies in what's considered an "Important" vulnerability is what keeps me up at night 🥲
hex nomad retweeted
12 Jun 2024
microsoft: Exploit Code Unproven
me: i literally gave you a compiled PoC and also exploit code
m$: No exploit code is available, or an exploit is theoretical.
me:
hex nomad retweeted
7 Jun 2024
Hey, for anyone who wanted to see this slide deck, it was a keynote about the 0day market, but it commented on public research vs saleable products. I have put it here: github.com/mdowd79/presentat… // cc @chompie1337 @bsdaemon
6 Jun 2024
Replying to @chompie1337
Yeah. I touched on this in a talk I gave at blue hat last year. It isn't publicly available though