Joseph Bialek

@JosephBialek

Windows/Hyper-V security person, primarily building mitigations and killing vulnerability classes. I speak on my own behalf, not my employers.

Vrijeme pridruživanja: siječanj 2012.
11 fotografija ili videozapisa Fotografije i videozapisi

Tweetovi

Blokirali ste korisnika/cu @JosephBialek

Jeste li sigurni da želite vidjeti te tweetove? Time nećete deblokirati korisnika/cu @JosephBialek

  1. proslijedio/la je Tweet
    28. sij

    Come read about the latest compiler backend improvements in Visual Studio 2019: better code generation, faster builds, and exciting new tools!

    40 proslijeđenih tweetova 88 korisnika označava da im se sviđa
    Poništi
  2. proslijedio/la je Tweet
    24. sij

    We updated the Security Servicing Criteria for Windows today clarifying a non-boundary (Hyper-V Administrator Group) & expanding the Administrator-to-Kernel non-boundary. We do this periodically in response to research trends; feedback is always welcome.

    19 proslijeđenih tweetova 30 korisnika označava da im se sviđa
    Poništi
  3. 23. sij

    To everyone upset at Sonos, do you seriously expect support forever? This is why buying smart devices is stupid. Normal speakers require no updates.

    9 korisnika označava da im se sviđa
    Poništi
  4. proslijedio/la je Tweet
    21. sij

    Tech Preview 2020 is live! Workstation TP 20H1 now brings compatibility with Hyper-V enabled hosts. In TP 20H1, Workstation can now run when Credential or Device guard, or WSL is enabled. Blog: Direct Link:

    9 replies 86 proslijeđenih tweetova 143 korisnika označavaju da im se sviđa
    Poništi
  5. proslijedio/la je Tweet
    16. sij

    We just moved Project Verona into the open on Github to facilitate academic collaborations in language research.

    96 proslijeđenih tweetova 272 korisnika označavaju da im se sviđa
    Poništi
  6. proslijedio/la je Tweet
    13. sij

    BattlEye is uploading device drivers from your machine as a part of its larger system enumeration routine, which sends unfiltered dumps of process names, window titles, module names, certificates and more to their server - stay put

    9 proslijeđenih tweetova 48 korisnika označava da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  7. proslijedio/la je Tweet
    9. sij

    My team is once more hiring vulnerability researchers for our Redmond WA office. This is for low-level OS/platform security research work on Windows and Azure. More details on what we do at . Apply directly at or DM me if interested!

    77 proslijeđenih tweetova 95 korisnika označava da im se sviđa
    Poništi
  8. 7. sij

    Friends don't let friends get sucked in to bug disclosure debates. They are probably even more futile than debating politics or religion.

    1 proslijeđeni tweet 1 korisnik označava da mu se sviđa
    Poništi
  9. proslijedio/la je Tweet
    7. sij

    Project Zero Policy and Disclosure: 2020 Edition --

    1 reply 35 proslijeđenih tweetova 84 korisnika označavaju da im se sviđa
    Poništi
  10. proslijedio/la je Tweet
    2. sij

    To bring in the new year here's a new blog post about empirically testing Windows Service Hardening to see if it is really not a security boundary even on Windows 10. h/t

    6 replies 154 proslijeđena tweeta 298 korisnika označava da im se sviđa
    Poništi
  11. 20. pro 2019.

    Great team, this is where I started at Microsoft and security:

    Want to attack some of the largest services in the world? Come emulate adversaries and discover vulnerabilities at Microsoft. Junior position, L33t hacker skills not required. We'll help you level-up. Apply here:
    2 proslijeđena tweeta 10 korisnika označava da im se sviđa
    Poništi
  12. proslijedio/la je Tweet
    20. pro 2019.

    Want to attack some of the largest services in the world? Come emulate adversaries and discover vulnerabilities at Microsoft. Junior position, L33t hacker skills not required. We'll help you level-up. Apply here:

    11 proslijeđenih tweetova 15 korisnika označava da im se sviđa
    Poništi
  13. proslijedio/la je Tweet
    15. pro 2019.

    So I translated to myself 's article on Exploitation and the internals of Windows 10 RS5 (Userspace), and Saar suggested I'll upload it for everyone, so why not :) I hope this helps as it helped me, thank you Saar!

    5 replies 204 proslijeđena tweeta 464 korisnika označavaju da im se sviđa
    Poništi
  14. proslijedio/la je Tweet
    12. pro 2019.

    If you’ve got a security-sensitive codebase, you should be using -ftrivial-auto-init=pattern in Clang. In 2020, there’s no good reason for uninitialized variables to be exploitable.

    Mitigating Undefined Behavior 🔒 💥 🔒 My talk on automatic variable initialization at the developer meeting is now online!
    1 reply 16 proslijeđenih tweetova 48 korisnika označava da im se sviđa
    Poništi
  15. 10. pro 2019.

    The government seems to think they can bully Apple/Google around because they are US companies. How are they going to feel about every other country in the world also wanting a backdoor built in to technology. What happens if another country wants to search your phone?

    2 korisnika označavaju da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  16. 10. pro 2019.

    The arguments of "we can do X in the physical world so we should be able to do it on computers" completely ignore the fact that computers are a paradigm shift. You cannot build something similar to device encryption to protect your house with.

    1 reply 4 korisnika označavaju da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  17. 10. pro 2019.

    It was entertaining and depressing to hear the senate thinks they can regulate away their crypto problems. I was confused why the sole independent security expert at the hearing seems to be advocating for crypto backdoors though..

    1 proslijeđeni tweet 8 korisnika označava da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  18. proslijedio/la je Tweet
    10. pro 2019.

    Nice and short blog post on when it's useful to use C "restrict" keyword to limit effects of pointer aliasing in order to aid compiler optimizations.

    9 proslijeđenih tweetova 33 korisnika označavaju da im se sviđa
    Poništi
  19. proslijedio/la je Tweet
    2. pro 2019.

    The slides of our talk "Pool Fengshui in Windows Vulnerability Exploitation" at are available. Three ways for Pool Feng Shui with RDP PDU, two new methods to exploit CVE-2019-0708 .

    187 proslijeđenih tweetova 329 korisnika označava da im se sviđa
    Poništi
  20. proslijedio/la je Tweet
    2. pro 2019.

    Lots of goodness in this 20 min talk by Matthew Parkinson from Microsoft Research Cambridge :) He touches on vulnerability mitigation, new safer language research (with Project Verona), and finer-grained compartmentalization (with CHERI)

    18 proslijeđenih tweetova 59 korisnika označava da im se sviđa
    Poništi

@JosephBialek još nije objavio nijedan Tweet.

Čini se da učitavanje traje već neko vrijeme.

Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.

    Možda bi vam se svidjelo i ovo:

    ·