Security Engineer at Palantir. Previously Windows Kernel team at Microsoft. MS Certified Master: #ActiveDirectory. Here for anything with a windbg screenshot.
Released v1.1.30 of NtObjectManager to the PS gallery. Main addition is the support for named pipe RPC clients. Also updated the NuGet packages, they now contain multi-target (no more "Core" versions) as well as full symbols and source link support. powershellgallery.com/packag…
Having discovered various issues with Windows mini-filter drivers lately I found public information about how to analyze such drivers for security issues somewhat lacking. Therefore today I've put out a blog post to try and fix that glitch :-) googleprojectzero.blogspot.c…
We've noted our findings after a couple of years auditing #Windows #Defender Attack Surface Reduction events.
Hopefully it will help anyone considering block mode.
Being able to use the credential stealing/lsass rule was the surprise for me.
medium.com/palantir/microsof…
My latest blog has a comprehensive (if I may say so) attack surface analysis of app update mechanism on Windows. Six relevant bugs are reviewed. It also has a 'novel' way of bypassing sig checks using signed Electron binaries and backdoored app.asars.
parsiya.net/blog/2021-01-08-…
The second part of my series of blog posts about hooking miniport and minifilter drivers. In this session I focus on how to hook display miniport callbacks:
aviadshamriz.medium.com/part…
#OAuth has 4 Flows for retrieving an Access Token.
If you have worked with it, you know how difficult it is to remember what is what.
A Zine says a lot, seriously a lot. Check this out.
Idea credits @b0rk #IAM #security #infosec #webdev #web #webcomic #webcomics
RT if useful
Hey @Scottduf, @ConfigMgrDogs - can you settle an argument for us? How close is Intune to having all the settings available in Group Policy today? (3rd party stuff aside).