Yarden Shafir
@yardenshafir.bsky.social
A circus artist with a visual studio license
Looks like BlueHatIL talks are online now, so here’s my talk for anyone who wanted to learn about the latest episode of KASLR and couldn’t make it: www.youtube.com/watch?v=Dk2r...
BlueHat IL 2025 - Yarden Shafir - Look, Ma—No Privileges! How Windows Gives You Kernel Pointers...
YouTube video by Microsoft Israel R&D Center
www.youtube.com
May 29, 2025 at 1:30 AM
Looks like BlueHatIL talks are online now, so here’s my talk for anyone who wanted to learn about the latest episode of KASLR and couldn’t make it: www.youtube.com/watch?v=Dk2r...
AI search engines are the future
April 25, 2025 at 5:54 PM
AI search engines are the future
Microsoft threat actor found in the wild
April 7, 2025 at 5:17 AM
Microsoft threat actor found in the wild
For about a year now, WdBoot.sys essentially does nothing. Microsoft installs 2 versions:
- \System32\drivers\wdboot.sys is the “full”, functional version
- \System32\drivers\wd\wdboot.sys is the “empty” version, which is the one being updated and loaded.
Does anyone know the reason behind this?
- \System32\drivers\wdboot.sys is the “full”, functional version
- \System32\drivers\wd\wdboot.sys is the “empty” version, which is the one being updated and loaded.
Does anyone know the reason behind this?
April 3, 2025 at 10:12 AM
For about a year now, WdBoot.sys essentially does nothing. Microsoft installs 2 versions:
- \System32\drivers\wdboot.sys is the “full”, functional version
- \System32\drivers\wd\wdboot.sys is the “empty” version, which is the one being updated and loaded.
Does anyone know the reason behind this?
- \System32\drivers\wdboot.sys is the “full”, functional version
- \System32\drivers\wd\wdboot.sys is the “empty” version, which is the one being updated and loaded.
Does anyone know the reason behind this?
Oh look they’re going to vibe program the SSA systems. I’m sure this will be perfectly fine and will cause no issues.
SCOOP: DOGE wants to rebuild SSA's codebase in months, risking benefits and system collapse, sources tell me.
The plan is to migrate all systems off COBOL quickly which would likely require the use of generative AI.
www.wired.com/story/doge-r...
The plan is to migrate all systems off COBOL quickly which would likely require the use of generative AI.
www.wired.com/story/doge-r...
DOGE Plans to Rebuild SSA Codebase In Months, Risking Benefits and System Collapse
Social Security systems contain tens of millions of lines of code written in COBOL, an archaic programming language. Safely rewriting that code would take years—DOGE wants it done in months.
www.wired.com
March 29, 2025 at 4:46 AM
Oh look they’re going to vibe program the SSA systems. I’m sure this will be perfectly fine and will cause no issues.
This cute little thing sounds like a witch laughing in a dark forest and has tried to kill me twice so far
March 20, 2025 at 2:03 PM
This cute little thing sounds like a witch laughing in a dark forest and has tried to kill me twice so far
I was told Australia is scary but didn’t expect to land and immediately get threatened by a public bus
March 16, 2025 at 2:04 AM
I was told Australia is scary but didn’t expect to land and immediately get threatened by a public bus
Reposted by Yarden Shafir
"Zen and the Art of Microcode Hacking"
Tragic signature bypass enables custom microcode loading on AMD processors, and a tool to do it. The blog is extremely well written and provides concise explanations of topics mentioned + plenty of resources! A must read.
bughunters.google.com/blog/5424842...
Tragic signature bypass enables custom microcode loading on AMD processors, and a tool to do it. The blog is extremely well written and provides concise explanations of topics mentioned + plenty of resources! A must read.
bughunters.google.com/blog/5424842...
Blog: Zen and the Art of Microcode Hacking
This blog post covers the full details of EntrySign, the AMD Zen microcode signature validation vulnerability recently discovered by the Google Security team.
bughunters.google.com
March 6, 2025 at 2:32 AM
"Zen and the Art of Microcode Hacking"
Tragic signature bypass enables custom microcode loading on AMD processors, and a tool to do it. The blog is extremely well written and provides concise explanations of topics mentioned + plenty of resources! A must read.
bughunters.google.com/blog/5424842...
Tragic signature bypass enables custom microcode loading on AMD processors, and a tool to do it. The blog is extremely well written and provides concise explanations of topics mentioned + plenty of resources! A must read.
bughunters.google.com/blog/5424842...
Small anecdote about thread priorities and throttling on Windows 11:
I’m downloading a large file.
Estimated time left: 28 minutes.
Open notepad, put it as the front window. Download time left: 57 minutes.
Close notepad, browser back in front. Time left: 27 minutes.
I’m downloading a large file.
Estimated time left: 28 minutes.
Open notepad, put it as the front window. Download time left: 57 minutes.
Close notepad, browser back in front. Time left: 27 minutes.
March 6, 2025 at 8:21 PM
Small anecdote about thread priorities and throttling on Windows 11:
I’m downloading a large file.
Estimated time left: 28 minutes.
Open notepad, put it as the front window. Download time left: 57 minutes.
Close notepad, browser back in front. Time left: 27 minutes.
I’m downloading a large file.
Estimated time left: 28 minutes.
Open notepad, put it as the front window. Download time left: 57 minutes.
Close notepad, browser back in front. Time left: 27 minutes.
I’m not saying you definitely have to go to @BlueHatIL this year, I’m just letting you know it’s free, by the beach and I’ll be there dropping kernel pointers to anyone who asks nicely
March 5, 2025 at 11:07 PM
I’m not saying you definitely have to go to @BlueHatIL this year, I’m just letting you know it’s free, by the beach and I’ll be there dropping kernel pointers to anyone who asks nicely
Reposted by Yarden Shafir
I work with cool people who do cool things: www.eff.org/deeplinks/20...
Meet Rayhunter: A New Open Source Tool from EFF to Detect Cellular Spying
Rayhunter is a new open source tool we’ve created that runs off an affordable mobile hotspot that we hope empowers everyone, regardless of technical skill, to help search out cell-site simulators (CSS...
www.eff.org
March 5, 2025 at 10:32 PM
I work with cool people who do cool things: www.eff.org/deeplinks/20...
Celebrating flat fuck Friday
February 28, 2025 at 9:21 PM
Celebrating flat fuck Friday
Going to a Rocky Horror show in a quiet UK town and the crowd is almost entirely old British people so I’m expecting an incredible time
February 19, 2025 at 7:33 PM
Going to a Rocky Horror show in a quiet UK town and the crowd is almost entirely old British people so I’m expecting an incredible time
Every single Canadian stereotype is correct. It is -4c (24f) today and I've seen one people walking around in shorts and another one in a short-sleeved t-shirt. Not a single person is wearing a hat.
February 7, 2025 at 7:38 PM
Every single Canadian stereotype is correct. It is -4c (24f) today and I've seen one people walking around in shorts and another one in a short-sleeved t-shirt. Not a single person is wearing a hat.
Did a bit of baking this weekend
February 2, 2025 at 2:20 PM
Did a bit of baking this weekend
Does anyone know companies hiring for entry level roles (in Canada/remote)? And I mean *real* entry level, not degree + 2 certs + 3 years experience “entry level”.
Not just cybersecurity, any entry level roles at all, in any area.
Not just cybersecurity, any entry level roles at all, in any area.
January 27, 2025 at 4:40 PM
Does anyone know companies hiring for entry level roles (in Canada/remote)? And I mean *real* entry level, not degree + 2 certs + 3 years experience “entry level”.
Not just cybersecurity, any entry level roles at all, in any area.
Not just cybersecurity, any entry level roles at all, in any area.
Yesterday Microsoft fixed 6 kernel address leaks that I reported
CVE-2025-21316
CVE-2025-21317
CVE-2025-21318
CVE-2025-21319
CVE-2025-21320
CVE-2025-21321
CVE-2025-21316
CVE-2025-21317
CVE-2025-21318
CVE-2025-21319
CVE-2025-21320
CVE-2025-21321
January 15, 2025 at 7:38 PM
Yesterday Microsoft fixed 6 kernel address leaks that I reported
CVE-2025-21316
CVE-2025-21317
CVE-2025-21318
CVE-2025-21319
CVE-2025-21320
CVE-2025-21321
CVE-2025-21316
CVE-2025-21317
CVE-2025-21318
CVE-2025-21319
CVE-2025-21320
CVE-2025-21321
The fact those toggles have a different design is driving me crazy
January 5, 2025 at 10:35 PM
The fact those toggles have a different design is driving me crazy
I see someone is working through their backlog
December 31, 2024 at 9:29 PM
I see someone is working through their backlog
My grandma made this dinosaur tail vase
December 26, 2024 at 12:17 PM
My grandma made this dinosaur tail vase
You should all see this photo that my phone just reminded me of
December 16, 2024 at 4:40 AM
You should all see this photo that my phone just reminded me of
Important news: Microsoft is working to bring SMAP into Windows
www.youtube.com/watch?v=-3jx...
Great talk by Joe Bialek from MORSE team
www.youtube.com/watch?v=-3jx...
Great talk by Joe Bialek from MORSE team
BlueHat 2024: S09: Pointer Problems – Why We’re Refactoring the Windows Kernel
YouTube video by Microsoft Security Response Center (MSRC)
www.youtube.com
December 16, 2024 at 4:29 AM
Important news: Microsoft is working to bring SMAP into Windows
www.youtube.com/watch?v=-3jx...
Great talk by Joe Bialek from MORSE team
www.youtube.com/watch?v=-3jx...
Great talk by Joe Bialek from MORSE team