Andrea Allievi
@aall86
Currently Senior Windows Core OS Engineer, Windows Internals Enthusiast and Book author, tennis lover, currently working for MS. Opinions and tweets are my own.
coderush.me/hydroph0bia-pa… Very cool attack! Who knows what else is in buggy firmware? Time to take out my rusty IDA too? :-) Good job @NikolajSchlej
I apologize, I usually do *NOT* ever post about politics, but I like the Italian prime minister: she is always determined and never uses insults or bad words when talking about the opponents... anybody can think whatever they want, but I think that respect should always be there.
A comment on the outcome of the referendums and on the reaction of the left
The embargo (12:00 UTC 2025-06-10) is over, let's start a thread on Hydroph0bia (CVE-2025-4275), a trivial SecureBoot and FW updater signature bypass in almost any Insyde H2O-based UEFI firmware used since 2012 and still in use today. English writeup: coderush.me/hydroph0bia-pa…
Totally agree. My manager was laid off too unfortunately.
You’re just a number at the end of the day, unfortunately.
NEWS: MICROSOFT TERMINATES 7,000 EMPLOYEES EFFECTIVE IMMEDIATELY
Great training in Europe from @standa_t
I am thrilled to be back and offer the in-person training once again at Hexacon, the fabulous conf. in Paris hexacon.fr/trainer/tanda/ Get hands-on experience with virtualization and learn real-world applications and bugs of them! The tickets will be available for purchase soon.
techcommunity.microsoft.com/blog/windows-i… Finally! I personally worked on Hotpatch, together with my team, 3 years ago... and now it is finally approaching client versions of Windows... Yuuuyuuu!
andrea-allievi.com/blog/a-minikvm… Finally after hours and hours of assembling a YouTube video... MiniKvm 1.0 is there :-) Have fun and let me know if you find it useful...
My team designed and is maintaining Enclaves. Good article here :-)
Awesome post from my team on VBS enclave security techcommunity.microsoft.com/blog/microsoft…
dennisbabkin.com/blog/?t=primer… This series of blog posts is amazing if you are curious about (part of) the Windows Logon process...
techcommunity.microsoft.com/blog/windows-i… Adminless UAC is coming... Described in my upcoming Windows Internals course on the O'Reilly website oreilly.com/live-events/wi…
Cool analysis and reading about shadow stacks by @33y0re ! Documenting the HV_MAP_GPA_* flags is on my huge TODO list :-) I am also glad to see Sourcepoint by @AlanSguigna starting to really help folks!
Today I’m sharing a blog post on the implementation of kernel mode shadow stacks on Windows! This post covers actively debugging the Secure Kernel and also outlines why VTL 1 is relied on to help maintain the integrity of the supervisor shadow stacks! connormcgarr.github.io/km-shadow-stac…
github.com/google/securit… Our newest research project is finally public! We can load malicious microcode on Zen1-Zen4 CPUs!
github.com/AaLl86/MiniKvm… MiniKvm release 1.0 is public now, and works at 60 FPS. I am writing a blog post explaining how this works too :-)
dfir.ru/2025/01/20/cve… I am not a crypto guy, but this paper is well explained and great @errno_fail ! Suggested reading also for newbies in crypto like me!
Take a few minutes to watch the exclusive footage following the Ramy incident, aired by Paolo del Debbio on Rete 4 thanks to the bodycam recordings (an essential tool for the work of the officers, which the Lega strongly wanted and got passed in the…
Both Intel SDM v86 and Instruction Set Extensions Programming Reference v56 are out. intel.com/sdm SDM updates are minor. The other adds proper virtualization of IA32_SPEC_CTRL (on top of mask/shadow added before).
Cool presentation!
I ran out of time during my webinar on Hyper-V to demonstrate Secure Kernel VBS Enclave debug. To watch a short clip, see here: asset-intertech.com/resources/vide…. Watch the full webinar recording here, with Defender, bootmgfw and winload_prod debug here: attendee.gotowebinar.com/register/75158…
In my upcoming webinar next week, on Thursday, Dec. 12th at 10:30am Central Time, I'll be demonstrating debug of Windows as you've never seen it before. The registration link is here: attendee.gotowebinar.com/register/75158…
Check out our latest blog from our Red Team about EDR evasion through malware virtualisation: blog.fox-it.com/2024/09/25/red…