Joe Bialek

@josephbialek@infosec.exchange
Security engineer @ Microsoft. Making Windows awesome.
Release v7.34.0 · signalapp/Signal-Desktop

This update introduces support for new processors on Windows like the Snapdragon X Elite, so you don't need to twist your ARM into emulating x86 anymore. We also fixed a bug that broke the dark the...

GitHub
@jfbastien i don’t have your new email. Could you shoot me a mail?
MSRC have uploaded my Bluehat talk on improvements to my DCOM tooling, a blog post is also in the works :) https://youtu.be/DzIkehasir4
BlueHat 2024: S07: DCOM Research for Everyone!

YouTube
Here’s the recording of my Bluehat talk Pointer Problems - Why we’re refactoring the windows kernel https://youtu.be/-3jxVIFGuQw?si=3Q30ziJBBVv4ZbAU
BlueHat 2024: S09: Pointer Problems – Why We’re Refactoring the Windows Kernel

YouTube

@GabrielLandau
And while Microsoft has mitigated the ItsNotASecurityBoundary issue with May's updates for Windows 11, we can use WindowsDowndate, which also does not cross a security boundary, to roll back to an exploitable ci.dll. At which point we can exploit a fully-patched Windows 11 system with ItsNotASecurityBoundary to load arbitrary drivers with arbitrary (e.g. untrusted) signatures.

In other words, the "requirement" that modern Windows can only load signed drivers is merely a suggestion.

Again, please say these statements and understand why you should believe them:
"Windows admin to kernel is not a security boundary"
"Belief in BYOVD protection is fantasy"

Microsoft are effectively giving up on Copilot Pro subscription ($20/month) as almost nobody paid for it.

Instead they are bundling it into Microsoft 365 consumer subscriptions and inflating the renewal prices there. There’s no opt out.

Effectively allows the Copilot revenue and user numbers to be inflated.

https://www.theverge.com/2024/11/7/24290268/microsoft-copilot-office-features-microsoft-365

Microsoft is bundling its AI-powered Office features into Microsoft 365 subscriptions

Microsoft is bundling its Copilot Pro features into Microsoft 365 in some markets. Prices are going up in exchange for AI-powered Office features, though.

The Verge
Thorsten Leemhuis (acct. 1/4) (@kernellogger@fosstodon.org)

A deep dive into #Linux’s new mseal syscall https://blog.trailofbits.com/2024/10/25/a-deep-dive-into-linuxs-new-mseal-syscall/ Alan Cao writes: "[…] you may have heard of a new system call named mseal landing into the #LinuxKernel’s 6.10 release, providing a protection called “memory sealing.” Beyond notes from the authors, very little information about this mitigation exists. In this blog post, we’ll explain what this syscall is, including how it’s different from prior memory protection schemes and how it works in the #kernel to protect […]"

Fosstodon

Reminder that with today's release of Windows 11 24H2, we have one of the more interesting new security capabilities available. Set your environments to block NTLM on SMB.

https://learn.microsoft.com/en-us/windows-server/storage/file-server/smb-ntlm-blocking?tabs=group-policy

Block NTLM connections on SMB in Windows Server 2025 (preview)

Learn how to make SMB more secure by blocking NTLM.

the absolute best we can say about this issue in C is that Hans Boehm wrote something smart and coherent, defending it

https://www.open-std.org/jtc1/sc22/wg14/www/docs/n1528.htm

N1528: Why undefined behavior for infinite loops?

Let's throw exceptions like it's 1991! Developer experience is very important in the #CHERIoT project. It's not enough that memory-safety bugs crash, you need to be able to easily recover from the errors. We've learned from our experiences writing error recovery (and from a lot of other systems) to build something that fits on small systems and works well for the common cases.
Improved error handling in CHERIoT RTOS

CHERI platforms in general, and CHERIoT in particular, can turn a lot of bugs that would be silent data corruption into recoverable errors. The ‘recoverable’ part comes from the fact that any error is caught before an invalid operation succeeds.

CHERIoT Platform