Security Engineer at Palantir. Previously Windows Kernel team at Microsoft. MS Certified Master: #ActiveDirectory. Here for anything with a windbg screenshot.

Seattle, WA
Joined November 2014
Restricting SMB based lateral movement in a #Windows environment. Lessons learned from work with the @SpecterOps team; drawing from previous posts by @mattifestation, @Haus3c, @cryps1s, @harmj0y & Mr SMB himself @NerdPyle bit.ly/SMB-lateral-movement #redteam #blueteam #infosec
Chad Duffey retweeted
Released v1.1.30 of NtObjectManager to the PS gallery. Main addition is the support for named pipe RPC clients. Also updated the NuGet packages, they now contain multi-target (no more "Core" versions) as well as full symbols and source link support. powershellgallery.com/packag…
Chad Duffey retweeted
Having discovered various issues with Windows mini-filter drivers lately I found public information about how to analyze such drivers for security issues somewhat lacking. Therefore today I've put out a blog post to try and fix that glitch :-) googleprojectzero.blogspot.c…
We've noted our findings after a couple of years auditing #Windows #Defender Attack Surface Reduction events. Hopefully it will help anyone considering block mode. Being able to use the credential stealing/lsass rule was the surprise for me. medium.com/palantir/microsof…
Chad Duffey retweeted
My latest blog has a comprehensive (if I may say so) attack surface analysis of app update mechanism on Windows. Six relevant bugs are reviewed. It also has a 'novel' way of bypassing sig checks using signed Electron binaries and backdoored app.asars. parsiya.net/blog/2021-01-08-…
Chad Duffey retweeted
The second part of my series of blogposts about hooking miniport and minifilter drivers. In this session I focus on how to hook display miniport callbacks: aviadshamriz.medium.com/part…
Chad Duffey retweeted
#OAuth has 4 Flows for retrieving an Access Token. If you have worked with it, you know how difficult it is to remember what is what. A Zine says a lot, seriously a lot. Check this out. Idea credits @b0rk #IAM #security #infosec #webdev #web #webcomic #webcomics RT if useful
Hey @Scottduf, @ConfigMgrDogs - can you settle an argument for us? How close is Intune to having all the settings available in Group Policy today? (3rd party stuff aside).