How PatchGuard detects hypervisor-based hooks. Written by two Riot Games Anti-Cheat Engineers. Some of the most underrated researchers in the Windows internals and kernel/hypervisor security space.
Microsoft embedded multiple detection techniques inside PatchGuard to catch hypervisors hiding the real LSTAR MSR value. Trap flags, MOV SS tricks, ICEBP edge cases, LSTAR shadowing, and deliberately triggered page faults that expose the real syscall handler address.
Part 2 includes a custom detection technique with a full working PoC.
Part 1: https://t.co/pJNWLBDuQW
Part 2: https://t.co/nheDEfeDD1
PoC: https://t.co/e5PDrvaOj3
Authors: @nickeverdox@aidankhoury
#WindowsInternals #ReverseEngineering #AntiCheat
@thedawgyg@theo@thedawgyg How are you using it for security research? this guy never accepts my Hi because my all chats are about exploitation etc stuff. Switches directly to opus
StepStone: LLM-Based GPU Kernel Driver Fuzzing via User-Space Libraries
Paper by @ETenal7 et. al about using LLMs for generating syzkaller descriptions for fuzzing GPU drivers via their userspace libraries APIs.
https://t.co/vhF9E8kY2j
the engineer who built Claude Code just dropped a 28-minute video on how to write prompts that actually work
I've seen $300 courses that don't cover what he shows in the first 10 minutes
CLAUDE.md files, memory shortcuts, parallel sessions, prompting patterns
all in one video and completely free
works whether you're a developer, a beginner, or someone who's been using Claude for months
based on this, I put together 18 things you can copy and use in Claude today
full guide in the article below
Introducing What The Claude: Browser Edition.
A series where we pick apart browser bugs found/reported by Claude.
First up: CVE-2026-2796, a SpiderMonkey Wasm import bug that leads to addrof/fakeobj/read-write.
https://t.co/njBC5WEjq8
interestingly, kernel anti-cheats share many similarities to EDR.
the conclusion is that the ultimate cheat is an vision based llm controlling the inputs, which is similar to web-scraping.
thanks for the writeup and insights @s4dbrd!
https://t.co/wDZ7zPiPT5
Finally, it is published 😁 Making Vulnerable Drivers Exploitable Without Hardware - my latest research on driver vulnerability hardware-gating, explaining the concept of hardware-dependent code and diving deep into creative deployment techniques - software-emulated phantom devices, driver restacking, and forced driver replacement — all explored through the lens of Bring Your Own Vulnerable Driver (BYOVD) attacks:
https://t.co/COJ0BKpZQe