https://techcommunity.microsoft.com/blog/windows-itpro-blog/hotpatch-for-windows-client-now-available/4399808 Finally! I personally worked on Hotpatch, together with my team 3 years ago... and now is finally approaching client versions of Windows... Yuuuyuuu!

My new blog for Check Point Research - check it out! 💙 // #ProcessInjection : #WaitingThreadHijacking

https://bird.makeup/@_cpresearch_/1911835975006777818

I am thrilled to be back and offer the in-person training once again at Hexacon, the fabulous conf. in Paris
https://hexacon.fr/trainer/tanda/

Get hands-on experience with virtualization and learn real-world applications and bugs of them!

The tickets will be available for purchase soon.

https://bird.makeup/@hexacon_fr/1912154010062094633

Interesting links of the week:

Strategy:

* https://en.wikipedia.org/wiki/SIPOC - modelling systems with SIPOC
* https://www.thecvefoundation.org/ - the CVE foundation
* https://euvd.enisa.europa.eu/ - EU bug jail
* https://xntrik.wtf/aisa2024/ - @xntrik maps threats with https://threatcl.github.io/
* https://threatspec.org/ - the ThreatSpec

Threats:

* https://cloud.google.com/blog/topics/threat-intelligence/windows-rogue-remote-desktop-protocol - a novel phishing attack involving RDP

Detection:

* https://rulehound.com/rules - a single place to find interesting detection engineering ideas

Bugs:

* https://bugs.chromium.org/p/chromium/issues/detail?id=584535 - an 11 year old bug in every browser, still not dead!

Exploitation:

* https://silentsignal.github.io/BelowMI/ - memory management on System i courtesy of @buherator
* https://github.com/N1ckDunn/SOSLInjection/blob/main/SOSLInjection.pdf - Sal''esforce \o/
* https://github.com/N1ckDunn/DoubleFetch/blob/main/Double-FetchVulnerabilitiesInC.pdf - exploiting double fetch

Hard hacks:

* https://xairy.io/articles/thinkpad-xdci - emulating USB on a ThinkPad
* https://www.rtl-sdr.com/dragonos-lte-imsi-sniffing-using-the-lte-sniffer-tool-and-an-ettus-x310-sdr/ - build your own LTE sniffer
* https://blog.sesse.net/blog/tech/2025-04-05-10-57_cisco_2504_password_extraction.html - extracting passwords from Cisco WLC
* https://www.prizmlabs.io/post/remote-rootkits-uncovering-a-0-click-rce-in-the-supernote-nomad-e-ink-tablet - exploiting the Nomad e-ink tablet

Nerd:

* https://ukparliament.github.io/ontologies/meta/bots/ - UK parliamentary bots
* https://mwl.io/fiction/crime - Git drives people to murder
* https://changelog.complete.org/archives/10768-announcing-the-nncpnet-email-network - building a new mail protocol

#security, #research

Kernel-Hack-Drill: Environment For Developing Linux Kernel Exploits

Alexander Popov @a13xp0p0v published the slides from his talk at Zer0Con 2025. In this talk, he presented the kernel-hack-drill open-source project and showed how it helped him to exploit CVE-2024-50264 in the Linux kernel.

Slides: https://a13xp0p0v.github.io/img/Alexander_Popov-Kernel_Hack_Drill-Zer0Con.pdf
Project: https://github.com/a13xp0p0v/kernel-hack-drill

Love the absolute units! (And I suck at photography)

Did a post on the personal blog (i.e., “the views expressed by me do not…blah blah”) — “Trump’s Retaliation Against Chris Krebs — and the Cybersecurity Industry’s Deafening Silence”.

Unlike most years, everyone attending RSA next week has a tangible, meaningful opportunity to make a difference.

Be better than the complicit cowards (humans & vendors) in our industry, speak up, & hold folks accountable.

Otherwise, “Many Voices. One Community” is just BS RSA marketing.

https://rud.is/b/2025/04/17/trumps-retaliation-against-chris-krebs-and-the-cybersecurity-industrys-deafening-silence/

"Providers are pushed to spend less time caring for each patient as health systems move to reduce costs and increase revenue under the technological principle of maximal efficiency and output. But medicine was never intended to be another industrial complex."

This essay is beautiful and powerful.

https://www.statnews.com/2025/04/15/ai-scribes-artificial-intelligence-medicine-note-writing-physician-patient-relationship/

Today my #rust compiler told me "expected future, found a different future".

And I'm like: me too buddy, me too

[RSS] New writeup: a vulnerability in PHP's extract() function allows attackers to trigger a double-free, which in turn allows arbitrary code execution (native code)

https://ssd-disclosure.com/ssd-advisory-extract-double-free5-x-use-after-free7-x-8-x/

Can't find official identifiers for this, the GitHub advisory link is broken...

Never forget.

Maybe you should build your own website https://neocities.org

I got #X11 running on the #PinephonePro under #FreeBSD ! Shown here running my favourite #icewm window manager. Super exciting! Now to get the touch screen working 😬

https://tobykurien.com/images/microblog/post-1744879274-0.jpg https://tobykurien.com/images/microblog/post-1744879274-1.jpg https://tobykurien.com/images/microblog/post-1744879274-2.jpg

I never liked nu metal and I feel retrospectively justified by the fact that both Fred Durst and Kid Rock seem to be almost uniquely brain damaged even today.

Project: microsoft/TypeScript https://github.com/microsoft/TypeScript
File: src/services/classifier.ts:1108 https://github.com/microsoft/TypeScript/blob/cbac1ddfc73ca3b9d8741c1b51b74663a0f24695/src/services/classifier.ts#L1108

function classifyTokenType(tokenKind: SyntaxKind, token?: Node): ClassificationType | undefined

SVG:
dark https://tmr232.github.io/function-graph-overview/render/?github=https%3A%2F%2Fgithub.com%2Fmicrosoft%2FTypeScript%2Fblob%2Fcbac1ddfc73ca3b9d8741c1b51b74663a0f24695%2Fsrc%2Fservices%2Fclassifier.ts%23L1108&colors=dark
light https://tmr232.github.io/function-graph-overview/render/?github=https%3A%2F%2Fgithub.com%2Fmicrosoft%2FTypeScript%2Fblob%2Fcbac1ddfc73ca3b9d8741c1b51b74663a0f24695%2Fsrc%2Fservices%2Fclassifier.ts%23L1108&colors=light

[RSS] Dubious security vulnerability: Once I have tricked the user into running a malicious shortcut, I can install malware

https://devblogs.microsoft.com/oldnewthing/20250414-00/?p=111072

Oh, this is interesting (and a little scary)

tl;dr don’t use SSDs for long term, offline storage. The data degrades after as little as two years without the drives being powered up

https://www.tomshardware.com/pc-components/storage/unpowered-ssd-endurance-investigation-finds-severe-data-loss-and-performance-issues-reminds-us-of-the-importance-of-refreshing-backups

[RSS] The Windows Registry Adventure #6: Kernel-mode objects

https://googleprojectzero.blogspot.com/2025/04/the-windows-registry-adventure-6-kernel.html

#CISA Warns of Credential Risks Tied to #Oracle Cloud Breach:
👇
https://securityonline.info/cisa-warns-of-credential-risks-tied-to-oracle-cloud-breach/

Is it me or is it really not possible to vote on URL's on VT anymore?