Hot Topics

Windows

Breaking Bitlocker

| | BitLocker, cpu, Crypto, drive encryption, encryption, Microsoft, Mobile Security, security, Windows
It was only a matter of time before someone did this. Bitlocker is Microsoft’s technique for encrypting a desktop, laptop, or other MS Windows device. We encrypt the device to protect the ...
Cryptosmith
Why Windows can’t follow WSL symlinks

Why Windows can’t follow WSL symlinks

| | Linux, Windows
By Yarden Shafir Did you know that symbolic links (or symlinks) created through Windows Subsystem for Linux (WSL) can’t be followed by Windows? I recently encountered this rather frustrating issue as I’ve ...
Trail of Bits Blog

New Windows/Linux Firmware Attack

| | BIOS, Exploits, firmware, Linux, Uncategorized, Vulnerabilities, Windows
Interesting attack based on malicious pre-OS logo images: LogoFAIL is a constellation of two dozen newly discovered vulnerabilities that have lurked for years, if not decades, in Unified Extensible Firmware Interfaces responsible ...
Schneier on Security
ETW internals for security research and forensics

ETW internals for security research and forensics

| | Guides, Windows
By Yarden Shafir Why has Event Tracing for Windows (ETW) become so pivotal for endpoint detection and response (EDR) solutions in Windows 10 and 11? The answer lies in the value of ...
Trail of Bits Blog
View Disassembly and Pseudocode Windows Synchronize Side-by-Side In IDA Pro [ Patreon Unlocked ]

Uncovering RPC Servers through Windows API Analysis

| | Authentication, Reverse Engineering, rpc, Windows
IntroHave you ever tried to reverse a simple Win32 API? If not, let’s look at one together today! This article serves as a hand-holding walkthrough and documents in detail how I analyzed ...
Posts By SpecterOps Team Members - Medium
Patch Tuesday, October 2023 Edition

Patch Tuesday, October 2023 Edition

| | Adam Barnett, amazon, Apple, CloudFlare, CVE-2023-35349, CVE-2023-36563, CVE-2023-36778, CVE-2023-41763, CVE-2023-44487, Damian Menscher, google, Immersive Labs, iOS 17.0.3, iPadOS 17.0.3, libvpx, Microsoft, Natalie Silva, Patch Tuesday October 2023, Rapid Reset Attack, rapid7, Security Tools, Skype for Business, Time to Patch, Windows, Wordpad
Microsoft today issued security updates for more than 100 newly-discovered vulnerabilities in its Windows operating system and related software, including four flaws that are already being exploited. In addition, Apple recently released ...
Krebs on Security
Microsoft bug bounty AI LockBit ransomware

ZenRAT Targets Windows Users with Fake Bitwarden Site

| | Bitwarden, Cybersecurity, Malware, Microsoft, trojan, Windows
Hackers are using a bogus download page for Bitwarden’s password manager solution to target Windows users with a new remote access trojan (RAT) that’s designed to steal credentials and a range of ...
Security Boulevard
Shadow Wizard Registry Gang: Structured Registry Querying

Shadow Wizard Registry Gang: Structured Registry Querying

| | Cybersecurity, data engineering, data science, Registry, Windows
Why Do We Need New Tooling for Registry Collection?The Windows registry, an intricate database storing settings for both the operating system and the applications that run on it, is a treasure trove ...
Posts By SpecterOps Team Members - Medium
Windows Notification Facility: Peeling the Onion of the Most Undocumented Kernel Attack Surface Yet

Introducing Windows Notification Facility’s (WNF) Code Integrity

| | Research Practice, Windows
By Yarden Shafir, Senior Security Engineer WNF (Windows Notification Facility) is an undocumented notification mechanism that allows communication inside processes, between processes, or between user mode processes and kernel drivers. Similar to ...
Trail of Bits Blog
Exploring Impersonation through the Named Pipe Filesystem Driver

Exploring Impersonation through the Named Pipe Filesystem Driver

| | research, Windows
IntroductionImpersonation happens often natively in Windows, however, adversaries also use it to run code in the context of another user. Recently I was researching named pipe impersonation which naturally led me digging ...
Posts By SpecterOps Team Members - Medium
Load more