It seems after burning God knows how much money and CO2, OpenAI decided that *maybe* if you want to have anything close to "intelligence" you'll need some reasoning. Can't wait to see how they scale against this problem!

This is cool. We ported parts of the Windows MDM stack (used by Intune) to Linux!! Now you can use it to EASILY control the configuration and security posture of Linux VMs in Azure.

https://learn.microsoft.com/en-us/azure/osconfig/quickstart-sec-baseline-mc?tabs=azure-cli

Microsoft is building new Windows security features to prevent another CrowdStrike https://trib.al/otEVx6r

Some exploits are just three curl commands in a trench coat.

I FOUND IT.
it took nearly four hours, but i found it.

thank you for coming along with me into the mines of my twitter archive to find this gif. dropbox deleted this, and many others when they 'just decided' to delete all locally stored files, making all the stuff you had exist only in the cloud.

i fired them for this, and replaced them with synology drive, that I sync over wireguard.

A colleague just wanted to gift me an InkJet...

https://en.wikipedia.org/wiki/White_elephant

You asked, and we delivered! Check out the new Microsoft Incident Response Ninja Hub for a compilation of the research and guides that the Microsoft IR team has developed over the years on threat hunting, case studies, and more.

https://techcommunity.microsoft.com/t5/microsoft-security-experts-blog/welcome-to-the-microsoft-incident-response-ninja-hub/ba-p/4243594

#MicrosoftIR #DART #ThreatHunting

For those of you who might like it: Here are the slides from my Alligatorcon talk:
https://gergelykalman.com/the-forgotten-art-of-filesystem-magic-alligatorcon-2024-slides.html

Mozilla, reading the room extremely well, seemingly just recently flipped the switch to enable-by-default sponsored weather results from AccuWeather in every new Firefox tab you open. Clicking "Learn more" takes you here, with zero information on if your location is sent to AccuWeather every time you open a new tab: https://support.mozilla.org/en-US/kb/customize-items-on-firefox-new-tab-page

Probably only noticed because I normally have a blank new tab page but this showed up after updating Firefox!

Windows Wi-Fi Driver RCE Vulnerability – CVE-2024-30078

https://www.crowdfense.com/windows-wi-fi-driver-rce-vulnerability-cve-2024-30078/

Taking steps that drive resiliency and security for Windows customers

https://blogs.windows.com/windowsexperience/2024/09/12/taking-steps-that-drive-resiliency-and-security-for-windows-customers/?s=09

[PATCH] Fix a bug in ebpf verifier

https://lore.kernel.org/bpf/67451140439fafa1bae3e3b010d2c6b9969696a1.camel@gmail.com/T/#m8adf66625ed09e89983cca14f7e982393cb7ac3d

New vulnerability report from Talos:

Microsoft High Definition Audio Bus Driver HDAudBus_DMA multiple irp complete requests vulnerability

https://talosintelligence.com/vulnerability_reports/TALOS-2024-2008

In part 2 of his #Exchange series, @chudypb describes the ApprovedApplicationCollection gadget. He also covers a path traversal in the Windows utility extrac32.exe, which allowed him to complete the chain for a full RCE in Exchange and remains unpatched.
https://www.zerodayinitiative.com/blog/2024/9/11/exploiting-exchange-powershell-after-proxynotshell-part-2-approvedapplicationcollection

[RSS] CVR: The Mines of Kakadum

https://bughunters.google.com/blog/6220757425586176/cvr-the-mines-of-kakad-m

Pretty sure I posted the OffensiveCon talk before, but it%27s always nice to have things written up

[RSS] Advisory X41-2024-003: DoS Vulnerability in Chilkat ASN.1 Decoder

https://x41-dsec.de/lab/advisories/x41-2024-003-chilkat-asn1/

[RSS] The case of the string being copied from a mysterious pointer to invalid memory, revisited

https://devblogs.microsoft.com/oldnewthing/20240911-00/?p=110247

[RSS] Avred background: Advances in Reversing Defender Signature Format

https://blog.deeb.ch/posts/avred-update/

[RSS] WordPress.org to require two-factor authentication for plugin developers

https://cyberscoop.com/wordpress-two-factor-authentication-supply-chain/

I just got my hands on @tiraniddo's Windows Security Internals book <3

I ordered it through Blackwell's, that is a UK company but ships @nostarch books to EU too, so you can avoid dealing with customs yourself. Order tracking needs improvement.

https://blackwells.co.uk/bookshop/product/Windows-Security-Internals-by-James-Forshaw/9781718501980