Satoshi
satoshi-tanda.bsky.social
Software security engineer and trainer @ tandasat.github.io
Pinned
I am thrilled to be back and offer the in-person training once again at Hexacon, the fabulous conf. in Paris
hexacon.fr/trainer/tanda/

Get hands-on experience with virtualization and learn real-world applications and bugs of them!

The tickets will be available for purchase soon.
Impressive
userland ROP on day 1 💪
June 6, 2025 at 3:28 PM
Just wrapped up teaching my hypervisor development class. Always refreshing to work with sharp folks from diverse backgrounds—and rewarding to help them get started.

The next class will be in person at @hexacon.bsky.social. Check out the conference page if you're interested.
May 21, 2025 at 4:19 AM
The registration is open now. See you in Paris!
May 6, 2025 at 12:42 AM
My talk about the recent SMM architecture and security at #TheSAS2024: youtube.com/watch?v=AIGj...

The conference was well organized and had plenty of networking opportunities. Though, the best thing was the venue :) It is at a beautiful resort again this year, so you will love it.
Voyage Below the OS: SMM Isolation on the Intel Platform | Satoshi Tanda
YouTube video by Kaspersky Tech
youtube.com
May 3, 2025 at 11:09 PM
This is like "VT-x 101". The essence of HW-assisted VT, everything needed to virtualize Windows on-the-fly, and a bit of security in 2 days.

It misses a ton of fun discussions and exercises that are in my 4-day class, but I am giving back to the community that helped me learn.
We wanted to point out specifically the update to the System Security Learning Path that the excellent low level engineer & researcher Satoshi Tanda @satoshi-tanda.bsky.social has agreed to create our long-desired 'Architecture 3001: Intel Virtual Machine Extensions (VMX)' class!
💥We've reached 27k registered students!🔥
We've also updated all the learning paths at ost2.fyi/Learning%20P...
Go check out the latest updates, and if you see a class as a white box, that means we're looking for volunteers to teach it!
April 18, 2025 at 1:19 PM
I am thrilled to be back and offer the in-person training once again at Hexacon, the fabulous conf. in Paris
hexacon.fr/trainer/tanda/

Get hands-on experience with virtualization and learn real-world applications and bugs of them!

The tickets will be available for purchase soon.
April 16, 2025 at 3:44 AM
Reposted by Satoshi
🦀 Hello World!

The Rust project now has an official presence on Bluesky! ✨

We'll be posting the same on our Mastodon and Bluesky accounts, so you won't miss anything on either platform.
April 5, 2025 at 10:51 AM
The new blog post on supervisor shadow stack restrictions / supervisor shadow-stack control

tandasat.github.io/blog/2025/04...
What keeps kernel shadow stack effective against kernel exploits?
This post introduces one of the virtualization features needed to keep kernel-mode shadow stack functional against kernel exploits: supervisor shadow stack restrictions / supervisor shadow-stack contr...
tandasat.github.io
April 2, 2025 at 2:39 PM
Intel SDM rev 87 was out. Updates? Good luck with diffing 5000+ pages of PDF files. @intel forgot to update the Documentation Changes file.
April 2, 2025 at 2:24 PM
Reposted by Satoshi
WinDbg script to check kCFG target function validity, and also to dump actual cfguard bitmap (which can be quite different from what's specified in the image GFIDS, needs more research): pastebin.com/64kujJNb.

!check_cfguard "nt!longjmp"

!dump_cfguard_bitmap "nt", "C:/cfguard_bitmap_ntoskrnl.bin"
dump_cfguard_bitmap.js - Pastebin.com
March 31, 2025 at 4:07 AM
Great talk! It's very encouraging to see more big players like MSFT adopting Rust rapidly and widely

I was using C/C++ for 10+ years, but now I code almost exclusively in Rust and am happy about that. It is more productive and enjoyable.
My closing keynote from Rust Nation UK last week is now online: "Microsoft is Getting Rusty: A Review of Successes and Challenges"
Microsoft is Getting Rusty: A Review of Successes and Challenges - Mark Russinovich
YouTube video by Rust Nation UK
www.youtube.com
February 27, 2025 at 8:59 PM
Added AMD support to hvext, the windbg extension for reversing Hyper-V!
github.com/tandasat/hvext

You can check what SVM features are enabled, which MSRs and IO ports are accessible, and what the nested page table looks like, for NT, SK and regular VMs.
February 18, 2025 at 3:31 PM
The new microphone setup for my next remote class!

Not that you pay for my clear voice :D but this will improve the learning experience

Btw, more than 1/3 of the seats were sold, so do not wait too long. Remote classes become full well before early-bird ends
February 6, 2025 at 2:59 PM
Excited to announce that registration for my hypervisor class in May is open! tandasat.github.io

This class teaches you how hypervisors can be used for security and research, including hardening, fuzzing, and reversing, as well as their design options and vulnerabilities.
System Programming Lab
The next public class is May 12-13 and 19-20 (4 days) via Zoom
tandasat.github.io
January 21, 2025 at 4:12 PM
Both Intel SDM v86 and Instruction Set Extensions Programming Reference v56 are out.
intel.com/sdm

SDM updates are minor. The other adds proper virtualization of IA32_SPEC_CTRL (on top of mask/shadow added before).
January 4, 2025 at 9:17 PM
Reposted by Satoshi
I had a blast doing the research for Part 2 of my series on using JTAG to debug Hypervisor-Managed Linear Address Translation (HLAT): www.asset-intertech.com/resources/bl.... In this blog, I used SourcePoint to pinpoint where in the boot flow HLAT is enabled on Alder Lake performance cores.
December 30, 2024 at 8:20 PM
My first pull request to the Rust community got merged. If you find trivial errors, just make pull requests.
December 29, 2024 at 4:15 PM
The thiserror crate started to support no_std. Good news for low-level/embedded devs
github.com/dtolnay/this...
Release 2.0.0 · dtolnay/thiserror
Breaking changes Referencing keyword-named fields by a raw identifier like {r#type} inside a format string is no longer accepted; simply use the unraw name like {type} (#347) This aligns thiserro...
github.com
December 19, 2024 at 4:50 PM
Reposted by Satoshi
Important news: Microsoft is working to bring SMAP into Windows

www.youtube.com/watch?v=-3jx...

Great talk by Joe Bialek from MORSE team
BlueHat 2024: S09: Pointer Problems – Why We’re Refactoring the Windows Kernel
YouTube video by Microsoft Security Response Center (MSRC)
www.youtube.com
December 16, 2024 at 4:29 AM
Reposted by Satoshi
Can recommend Satoshi's training as well, rarely had a training that was so hands-on.
Happy to hear that!
December 14, 2024 at 5:25 PM
Happy to hear that!
December 14, 2024 at 5:04 PM
I updated all host, exercise, and demo setups of my hypervisor class to the latest version of OSes (Ubuntu 24, Windows 11 24H2, and macOS 15).

If you are interested in taking my future courses, you can subscribe to the schedule announcement-only mailing list at groups.io/g/system-pro...
system-programming-lab groups.io Group
Announcement-only mailing list for the courses by System Programming Lab (Satoshi Tanda). ONLY MODERATORS CAN POST to this group.
groups.io
November 26, 2024 at 3:43 AM