If you're interested in Arm64 security and VBS internals, I would suggest looking into CVE-2025-21325, quite a spectacular vulnerability @33y0re https://t.co/OGLQJmFnnr
Starting 2026 with a new blog! I've really been enjoying my Windows on ARM machine - so my post is about interrupts for WoA. This includes x64/ARM differences, virtual interrupts, Hyper-V's synthetic controller, and Secure Kernel interrupts/intercepts
https://t.co/HvSbtsCtGu
Read about kernel sanitizers, powerful detection features that can uncover bugs in kernel-mode components, and how they enable Microsoft engineering teams to identify and fix vulnerabilities earlier in the software development cycle: https://t.co/OYg8JCES9e
CVE-2022-23088: A new guest blog from @m00nbsd describes a 13-yr-old heap overflow in the Wi-Fi stack that allows network-adjacent attackers to execute code on affected installations of FreeBSD Kernel. Includes root cause & PoC. Read the details at https://t.co/NPHu6jkiaa
Dudes, you don't seem to have noticed there are some nicer big-ass vulns in that hypervisor. This one for example, host stack r/w overflow, full VM escape, and no, retguard does not mitigate it. #OpenBSD
OPENBSD_6_9 bluhm@ modified usr.sbin/vmd/virtio.c: vmd guests can trigger excessive log messages on the host by sending certain network packets. this is errata/6.9/001_vmd.patch.sig
@AlwaysCurious__@openbsdnow Indeed, and there were also other remote kernel vulns over the last few years that qualified as well.
But whatever -- #OpenBSD's slogan is known to be fraudulent.
The recent ICMPv6 stuff in Windows reminded me I still had similar BSD vulns in my garage, so here we go
Remote use-after-free in #OpenBSD via ICMPv6: https://t.co/CaFcAgG3Rf
Remote use-after-free in #FreeBSD via ICMPv6: https://t.co/PpvVi2HdiC
RCE possible in the first one.
Trivial VM escape in #Bhyve: if you're a guest, allocate a GPA, use a VMLOAD+RDMSR probe to determine its HPA, use SKINIT to reinit the CPU core at that HPA. The CPU core restarts and executes your instructions in host mode. That's it, you're the host.
A new guest blog with an excellent analysis from @m00nbsd shows a fast and smooth privilege escalation exploit in #FreeBSD. His write-up includes PoC and a video demo. Read the details at https://t.co/Vy9gwIPYc6
I guess I should one day publish my "NetBSD Privileged Kernel" research on #NetBSD, here for example running the motherboard's SMM in a container to protect the kernel from firmware vulns and backdoors