|
Matt Miller
@
epakskape
|
|
Killing bug classes and breaking exploits as part of @msftsecresponse. Adding more entropy to the Internet. hick.org/~mmiller
|
|
|
1.177
Tweetovi
|
632
Pratim
|
10.550
Osobe koje vas prate
|
| Tweetovi |
|
Matt Miller
@epakskape
|
30. sij |
|
Thanks for flagging, I'll pass this on to the team to take a look at
|
||
|
|
||
|
Matt Miller
@epakskape
|
27. sij |
|
Not sure if this is an official account or not, adding @tanmayg who might know for sure :)
|
||
|
|
||
| Matt Miller proslijedio/la je tweet | ||
|
Hari Pulapaka
@TheRealHariP
|
27. sij |
|
we have an update to DTrace on Windows. with the latest 20H1 insider build, no more KD required to use dtrace on windows. plus arm64 MSI.
techcommunity.microsoft.com/t5/windows-ker…
|
||
|
|
||
| Matt Miller proslijedio/la je tweet | ||
|
—(÷[ Nate Warfield speaking @ BlueHat IL ]÷)—
@n0x08
|
24. sij |
|
We updated the Security Servicing Criteria for Windows today clarifying a non-boundary (Hyper-V Administrator Group) & expanding the Administrator-to-Kernel non-boundary.
We do this periodically in response to research trends; feedback is always welcome.
aka.ms/windowscriteria
|
||
|
|
||
|
Matt Miller
@epakskape
|
21. sij |
|
Super excited for #BlueHatIL in a few weeks
I'll be attending the conference, so shoot me a DM if you want to meet or catch up :)
Thanks to @tom41sh & team as well as all of the speakers for putting together a great agenda! twitter.com/BlueHatIL/stat…
|
||
|
|
||
|
Matt Miller
@epakskape
|
21. sij |
|
Here's your chance to hear @JohnLaTwC tell the story of MS08-067 and finding exploits in crash reports :)
And in case you missed the blog post he published a while ago: docs.microsoft.com/en-us/archive/… twitter.com/DarknetDiaries…
|
||
|
|
||
| Matt Miller proslijedio/la je tweet | ||
|
Dave dwizzzle Weston
@dwizzzleMSFT
|
18. sij |
|
Agree this is a good analysis. Props. twitter.com/chrisrohlf/sta…
|
||
|
|
||
|
Matt Miller
@epakskape
|
16. sij |
|
Worth checking out if you're interested in safer programming language research! twitter.com/ParkyMatthew/s…
|
||
|
|
||
|
Matt Miller
@epakskape
|
16. sij |
|
Here's another citation from the first use of this API :) cc @0vercl0k
msrc-blog.microsoft.com/2015/08/11/def…
|
||
|
|
||
|
Matt Miller
@epakskape
|
16. sij |
|
Great in-depth analysis of many of the changes that have been made thus far to support CET on Windows
Looking forward to the future of CET capable CPUs :) twitter.com/yarden_shafir/…
|
||
|
|
||
| Matt Miller proslijedio/la je tweet | ||
|
JarekMSFT
@JarekMsft
|
15. sij |
|
Increased bounty awards for the new Microsoft Edge starting today. We'll continue to award on repro for the new Edge program. twitter.com/msftsecrespons…
|
||
|
|
||
|
Matt Miller
@epakskape
|
14. sij |
|
During variant analysis of the issue, some other functions were spotted as having a similar vulnerability and fixed in previous versions.
This is actually an old bug class that @j00ru spotted a while back, but unfortunately crept back into a few places
j00ru.vexillium.org/2011/05/subtle…
|
||
|
|
||
|
Matt Miller
@epakskape
|
10. sij |
|
No worries, I know it's not obvious from the advisory :)
|
||
|
|
||
|
Matt Miller
@epakskape
|
10. sij |
|
Good write-up, just one correction: this was not a silent patch, it was the fix for CVE-2019-1436
portal.msrc.microsoft.com/en-US/security…
|
||
|
|
||
|
Matt Miller
@epakskape
|
10. sij |
|
This is a great opportunity to perform research related to Microsoft's Identity services that's supported by a research grant up to $75K
Bonus: any vulnerabilities you find during the research may be eligible for additional bounty rewards :) twitter.com/msftsecrespons…
|
||
|
|
||
| Matt Miller proslijedio/la je tweet | ||
|
Arthur Wongtschowski
@artwongt
|
9. sij |
|
My team is once more hiring vulnerability researchers for our Redmond WA office. This is for low-level OS/platform security research work on Windows and Azure. More details on what we do at linkedin.com/pulse/vulnerab…. Apply directly at aka.ms/AA6z0a8 or DM me if interested!
|
||
|
|
||
|
Matt Miller
@epakskape
|
7. sij |
|
Kudos to the GPZ team for their willingness to explore new vulnerability disclosure policies in addition to doing great research :)
At the risk of wading into a disclosure debate (plz no), I think these policy changes will help improve customer safety twitter.com/itswillis/stat…
|
||
|
|
||
|
Matt Miller
@epakskape
|
2. sij |
|
A standardized index would be nice, but independent rediscovery can be a great way to leverage your motivation and really learn something new versus just reading about it 🙂
For example, I found out about Peter’s paper after writing locreate and I’m glad it worked out that way
|
||
|
|
||
|
Matt Miller
@epakskape
|
2. sij |
|
Another good one from @bxsays and @sergeybratus from defcon 20 on abusing ELF metadata m.youtube.com/watch?v=JhpAMQ…
|
||
|
|
||
|
Matt Miller
@epakskape
|
2. sij |
|
Peter Szor also had a nice article in virus bulletin (April 2001) called “Tricky Relocations” talking about some samples he encountered that were abusing relocations: virusbulletin.com/uploads/pdf/ma…
I also played around with relocs a while back, they’re fun 🙂 uninformed.org/?v=6&a=3&t=sum…
|
||
|
|
||