Windows
Introducing Windows Notification Facility’s (WNF) Code Integrity
By Yarden Shafir, Senior Security Engineer
WNF (Windows Notification Facility) is an undocumented notification mechanism that allows communication inside processes, between processes, or between user mode processes and kernel drivers. Similar to ...
Exploring Impersonation through the Named Pipe Filesystem Driver
Introduction
Impersonation happens often natively in Windows; however, adversaries also use it to run code in the context of another user. Recently I was researching named pipe impersonation, which naturally led me to digging ...
Rust in Windows — it’s Official — Safe and Fast
Richi Jennings | David Weston, memory safe, memory safe language, Microsoft, Microsoft Windows, rust, SB Blogwatch, Windows
40-year-old code: Starting with ancient, vulnerable legacy, Redmond team is rewriting chunks in the trendy secure language ...
Security Boulevard
Hacks at Pwn2Own Vancouver 2023
An impressive array of hacks was demonstrated on the first day of the Pwn2Own conference in Vancouver: On the first day of Pwn2Own Vancouver 2023, security researchers successfully demoed Tesla Model 3, ...
The Defender’s Guide to Windows Services
It’s dangerous to find malicious services alone! Take this!
Authors: Luke Paine & Jonathan Johnson
Introduction
This is the second installment of the Defender’s Guide series. In keeping with the theme, we are discussing Windows Services, the ...
Mitigating the North Korean Cybersecurity Threat
Cybersecurity firm Kaspersky recently published an analysis that detailed how a North Korean threat actor, which it called the BlueNoroff group, is stealing cryptocurrency by bypassing the “Mark of the Web” flag ...
Critical Microsoft Code-Execution Vulnerability
A critical code-execution vulnerability in Microsoft Windows was patched in September. It seems that researchers just realized how serious it was (and is): Like EternalBlue, CVE-2022-37958, as the latest vulnerability is tracked, ...
Microsoft Patch Tuesday, December 2022 Edition
BrianKrebs | Apple zero-day, CVE-2022-41076, CVE-2022-44698, CVE-2022-44710, CVE-2022-44713, Greg Wiseman, Immersive Labs, Kevin Breen, Latest Warnings, Microsoft Patch Tuesday December 2022, powershell, rapid7, Security Tools, sophos, Time to Patch, Trend Micro's Zero Day Initiative, Will Dormann, Windows
Microsoft has released its final monthly batch of security updates for 2022, fixing more than four dozen security holes in its various Windows operating systems and related software. The most pressing patches ...
Uncovering Window Security Events
Part 1: Telemetry Source
Data is the foundation upon which defense is built. This data can come from various telemetry sources: native logging, Endpoint Detection and Response (EDR) tools, network logging, etc. The data ...
Patch Tuesday, November 2022 Election Edition
BrianKrebs | AskWoody, CVE-2022-41073, CVE-2022-41080, CVE-2022-41082, CVE-2022-41091, CVE-2022-41125, CVE-2022-41128, Immersive Labs, Kevin Breen, Microsoft, Microsoft Patch Tuesday November 2022, SANS Internet Storm Center, Satnam Narang, Tenable, Time to Patch, Windows, Windows Print Spooler
Let's face it: Having “2022 election” in the headline above is probably the only reason anyone might read this story today. Still, while most of us here in the United States are ...