Ever wondered how Windows decides if a file path is local, intranet, or Internet, and why it matters for security? Our latest blog from MSRC Senior Security Research Managers George Hughey (@ecthr0s) and Rohit Mothe (@rohitwas) dives deep into MapUrlToZone (MUTZ), the critical Windows component that helps protect users from credential leaks and remote code execution.
In this blog, you’ll learn:
➤ How MUTZ works behind the scenes
➤ Real-world vulnerabilities and CVEs discovered by Microsoft researchers
➤ The latest fixes and what they mean for Windows security
Check out our latest blog post and see how MSRC is strengthening defenses for everyone: https://t.co/acEVhEhPUe
At @defcon 33, George Hughey (@ecthr0s) and Rohit Mothe (@rohitwas), Senior Security Research Managers at MSRC, took us back to the 90s with their talk on the ghost of Internet Explorer in Windows: MapUrlToZone.
They uncovered how this legacy API, used by Outlook, Office, Windows Shell, and sandboxes to make security decisions, was vulnerable to manipulation. Their deep dive revealed a dozen CVEs and led to systemic mitigations across Microsoft platforms.
Learn how MSRC’s technical investigations drive proactive protection for customers and why legacy code still matters in the slides available here: https://t.co/DSORcAoePz
#DEFCON #DEFCON33
At @defcon, the MSRC team had a great time connecting with the security community and cheering on Microsoft employees, MVRs, and other Microsoft security researchers as they shared their expertise through presentations and hands-on collaboration.
#DEFCON #DEFCON33
This week's Patch Tuesday included 8 CVEs that @rohitwas and I found!
We've been focusing on finding ways to bypass MapUrlToZone and found several very interesting ways to confuse it. This is an API we've seen a lot of interest in lately, so good to have it locked down!
We're super proud of this work - it took a lot of poking around in Windows Internals and a huge effort from Engineering to fix all these issues. Many thanks to all who worked on these :)
As many of these exploit differences in CreateFile and MUTZ, we've duplicated some of the behavior in CreateFile. This should help prevent similar bypasses in the future. We're planning on releasing more info about this research over the coming months, so stay tuned!
To help protect against NTLM relay attacks, we’ve enabled Extended Protection for Authentication (EPA) by default in Windows Server 2025. This update strengthens key services like Exchange Server, Active Directory Certificate Services (AD CS), and LDAP, making identity compromise and unauthorized access more difficult.
Learn more about these security improvements and how they can help protect your systems in our blog post: https://t.co/Ri1wnV8xkG
My 50th CVE came out in today's Patch Tuesday! CVE-2024-38240 is the last of some hardening we've been doing in a Windows service, and CVE-2024-38252/CVE-2024-38253 are two proactive efforts we worked on with some static analysis friends :)
CanSecWest Presentation:
Rolling in the Dough: How Microsoft Identified and Remediated a Baker’s Dozen of Security Threats in the Windows DNS Server
George Hughey, Microsoft
https://t.co/0wkkZ7tzu2
Yesterday's Patch Tuesday saw the release of 10 CVEs I found in DNS! These could potentially allow an authenticated attacker to gain remote code execution. A huge thank you to the DNS team who worked through and fixed these.
https://t.co/78wxsVh385