Windows Internals Expert, Speaker, Trainer and Security Researcher. He/Him. RTs are not endorsements, opinions are my own.

Seattle, WA
Joined April 2008
Attackers can exploit CVE-2020-1048 with a single PowerShell command: Add-PrinterPort -Name c:\windows\system32\ualapi.dll On an unpatched system, this will install a persistent backdoor, that won't go away *even after you patch*. See windows-internals.com/printd… for more details.
One of the most un-acknowledged Windows 10 mysteries, likely because you needed to enable KDNET to see it. I wonder if anyone will ever step up here :)
Alex Ionescu retweeted
Update to Process Hacker: "Image Coherency" checks per-module, credit and thanks to dmex! 🥳 - more improvements incoming! github.com/processhacker/pro…
Alex Ionescu retweeted
The sheer number of net new topics is astounding, and I think this will tickle the fancy of many that have been following the numerous changes made to Windows 10 and were hoping to see them described. I'm responsible for much of the delay in getting this out of the door😰. Enjoy!
I'm super excited to announce that as of this week, @aall86 and I should've finished putting in all the work into Windows Internals 7th Edition, Part 2. I wanted to call out the amazing work Andrea did, which probably amounts to at least 80% of the new content.
Alex Ionescu retweeted
Having discovered various issues with Windows mini-filter drivers lately I found public information about how to analyze such drivers for security issues somewhat lacking. Therefore today I've put out a blog post to try and fix that glitch :-) googleprojectzero.blogspot.c…
Alex Ionescu retweeted
bladeRF-wiphy is an open-source IEEE 802.11 compatible software defined radio VHDL modem. Learn more about how bladeRF-wiphy functions and operates with mac80211 at nuand.com/bladeRF-wiphy . The bladeRF-wiphy Github is github.com/Nuand/bladeRF-wip… !
Alex Ionescu retweeted
CET implementation keeps getting new additions so felt it was time to write about a feature that was added a while back to help it handle dynamic code: windows-internals.com/cet-up…