Registration is open to all RECon classes!
As usual, Iβll be teaching Windows Internals. This is the only time this year that the class is offered in North America π
And if windows isnβt your thing, there are lots of other great classes!
recon.cx/2026/en/trai...
Havenβt uploaded them but happy to do that if you find them useful on their own :)
Looks like BlueHatIL talks are online now, so hereβs my talk for anyone who wanted to learn about the latest episode of KASLR and couldnβt make it: www.youtube.com/watch?v=Dk2r...
I wonder if Google maps can give me driving directions to TraceView, Tennessee
AI search engines are the future
Microsoft threat actor found in the wild
To me this looks like an oversight by Microsoft, not an intentional thing, but Iβm not sure windows defender ever blocked any drivers through the ELAM callback so I donβt know if this changes much.
Other EDRs: do you use the ELAM blocking functionality or only use it for the cert?
Wdboot.sys driver entry, function is empty and has no functionality.
For about a year now, WdBoot.sys essentially does nothing. Microsoft installs 2 versions:
- \System32\drivers\wdboot.sys is the βfullβ, functional version
- \System32\drivers\wd\wdboot.sys is the βemptyβ version, which is the one being updated and loaded.
Does anyone know the reason behind this?
The dying words of the American empire will be βI donβt think this code does anything. Iβll go ahead and delete that.β
Oh look theyβre going to vibe program the SSA systems. Iβm sure this will be perfectly fine and will cause no issues.
Knowing they eat steak makes them even scarier
Kookaburra
This cute little thing sounds like a witch laughing in a dark forest and has tried to kill me twice so far
I was told Australia is scary but didnβt expect to land and immediately get threatened by a public bus
Windows is going through some stuff right now
"Zen and the Art of Microcode Hacking"
Tragic signature bypass enables custom microcode loading on AMD processors, and a tool to do it. The blog is extremely well written and provides concise explanations of topics mentioned + plenty of resources! A must read.
bughunters.google.com/blog/5424842...
Small anecdote about thread priorities and throttling on Windows 11:
Iβm downloading a large file.
Estimated time left: 28 minutes.
Open notepad, put it as the front window. Download time left: 57 minutes.
Close notepad, browser back in front. Time left: 27 minutes.
Iβm not saying you definitely have to go to @BlueHatIL this year, Iβm just letting you know itβs free, by the beach and Iβll be there dropping kernel pointers to anyone who asks nicely
I work with cool people who do cool things: www.eff.org/deeplinks/20...
Celebrating flat fuck Friday
Wanted to live tweet so bad but also didnβt wanna look away from the show it was so good. And the best singer in this was Janet!
Not that I saw but there were some of the usual shout outs and the narrator responded to all of them
βIt was a strange nightβ¦ how strange? As strange as the strangest thing going through Trumpβs headβ
This is a full theatre production, live singing and all. This is everything I could ever ask for.
The narrator is brilliant and Iβm crying laughing.
Going to a Rocky Horror show in a quiet UK town and the crowd is almost entirely old British people so Iβm expecting an incredible time
BlueHat IL 2025- Congratulations- your submission to the main hall was accepted!
ππ
More baking!
Every single Canadian stereotype is correct. It is -4c (24f) today and I've seen one people walking around in shorts and another one in a short-sleeved t-shirt. Not a single person is wearing a hat.
Did a bit of baking this weekend
Of course!
Good morning
