Yarden Shafir
yardenshafir.bsky.social
A circus artist with a visual studio license
Haven’t uploaded them but happy to do that if you find them useful on their own :)
May 29, 2025 at 4:38 PM
Looks like BlueHatIL talks are online now, so here’s my talk for anyone who wanted to learn about the latest episode of KASLR and couldn’t make it: www.youtube.com/watch?v=Dk2r...
BlueHat IL 2025 - Yarden Shafir - Look, Ma—No Privileges! How Windows Gives You Kernel Pointers...
YouTube video by Microsoft Israel R&D Center
May 29, 2025 at 1:30 AM
I wonder if Google maps can give me driving directions to TraceView, Tennessee
April 25, 2025 at 6:53 PM
AI search engines are the future
April 25, 2025 at 5:54 PM
Microsoft threat actor found in the wild
April 7, 2025 at 5:17 AM
To me this looks like an oversight by Microsoft, not an intentional thing, but I’m not sure Windows Defender ever blocked any drivers through the ELAM callback so I don’t know if this changes much.

Other EDRs: do you use the ELAM blocking functionality or only use it for the cert?
April 3, 2025 at 10:13 AM
For about a year now, WdBoot.sys essentially does nothing. Microsoft installs 2 versions:
- \System32\drivers\wdboot.sys is the “full”, functional version
- \System32\drivers\wd\wdboot.sys is the “empty” version, which is the one being updated and loaded.

Does anyone know the reason behind this?
April 3, 2025 at 10:12 AM
The dying words of the American empire will be “I don’t think this code does anything. I’ll go ahead and delete that.”
March 29, 2025 at 4:47 AM
Oh look they’re going to vibe program the SSA systems. I’m sure this will be perfectly fine and will cause no issues.
March 29, 2025 at 4:46 AM
Knowing they eat steak makes them even scarier
March 22, 2025 at 1:21 AM
This cute little thing sounds like a witch laughing in a dark forest and has tried to kill me twice so far
March 20, 2025 at 2:03 PM
I was told Australia is scary but didn’t expect to land and immediately get threatened by a public bus
March 16, 2025 at 2:04 AM
Windows is going through some stuff right now
March 6, 2025 at 9:33 PM
Reposted by Yarden Shafir
"Zen and the Art of Microcode Hacking"

Tragic signature bypass enables custom microcode loading on AMD processors, and a tool to do it. The blog is extremely well written and provides concise explanations of topics mentioned + plenty of resources! A must read.

bughunters.google.com/blog/5424842...
Blog: Zen and the Art of Microcode Hacking
This blog post covers the full details of EntrySign, the AMD Zen microcode signature validation vulnerability recently discovered by the Google Security team.
March 6, 2025 at 2:32 AM
Small anecdote about thread priorities and throttling on Windows 11:
I’m downloading a large file.
Estimated time left: 28 minutes.
Open Notepad, put it as the front window. Download time left: 57 minutes.
Close Notepad, browser back in front. Time left: 27 minutes.
March 6, 2025 at 8:21 PM
I’m not saying you definitely have to go to @BlueHatIL this year, I’m just letting you know it’s free, by the beach and I’ll be there dropping kernel pointers to anyone who asks nicely
March 5, 2025 at 11:07 PM
Celebrating flat fuck Friday
February 28, 2025 at 9:21 PM
Wanted to live tweet so bad but also didn’t wanna look away from the show it was so good. And the best singer in this was Janet!
February 20, 2025 at 6:03 PM
Not that I saw but there were some of the usual shout outs and the narrator responded to all of them
February 19, 2025 at 9:25 PM
“It was a strange night… how strange? As strange as the strangest thing going through Trump’s head”
February 19, 2025 at 8:19 PM
This is a full theatre production, live singing and all. This is everything I could ever ask for.

The narrator is brilliant and I’m crying laughing.
February 19, 2025 at 8:19 PM
Going to a Rocky Horror show in a quiet UK town and the crowd is almost entirely old British people so I’m expecting an incredible time
February 19, 2025 at 7:33 PM
🎉🎉
February 16, 2025 at 8:56 AM
More baking!
February 9, 2025 at 6:15 PM