Reversing (malware and otherwise); appsec and websec; embedded security; exploit dev; software preservationist; knows how not to use cryptography.
Currently finding bugs in Windows bootloaders.
You may also know me from capcom.sys.
@abff08f4813c so “ex-FAANG” managers coming in for their CIA sabotage manual any% runs isn’t just happening at Discord?
makes sense to me
@LeberechtReinhold I can understand why it was done in the first place, but MS just blindly signing anything they are given is stupid; they should at least disallow binaries packed by Themida or VMProtect.
VMProtect on a driver is an indicator of compromise, especially if the cert/opus info references a Chinese entity.