Andrea Allievi

@aall86

Currently Senior Windows Core OS Engineer, Windows Internals Enthusiast, tennis lover, currently working for MS. Opinions and tweets are my own.

Seattle, WA
andrea-allievi.com
Vrijeme pridruživanja: ožujak 2012.
10 fotografija ili videozapisa Fotografije i videozapisi

Tweetovi

Blokirali ste korisnika/cu @aall86

Jeste li sigurni da želite vidjeti te tweetove? Time nećete deblokirati korisnika/cu @aall86

  1. proslijedio/la je Tweet
    2. velj

    Can your EDR detect symbolic link callback rootkits? Because ours sure as heck can't. and I wrote about these!

    161 proslijeđeni tweet 368 korisnika označava da im se sviđa
    Poništi
  2. 3. velj

    Goodbye SCM. You are now in Chapter 10... A lot of new changes even there!

    1 proslijeđeni tweet 11 korisnika označava da im se sviđa
    Poništi
  3. 28. sij

    Nice work team. Andrey rulex here :-)

    we have an update to DTrace on Windows. with the latest 20H1 insider build, no more KD required to use dtrace on windows. plus arm64 MSI.
    Prikaži ovu nit
    1 proslijeđeni tweet 6 korisnika označava da im se sviđa
    Poništi
  4. 23. sij

    A huge Goodbye to "\Pipe\Net\NtControlPipeX". We do not need it! XD <Spoiler alert>

    1 reply 8 korisnika označava da im se sviđa
    Poništi
  5. 15. sij

    You should try it!

    1 reply 2 proslijeđena tweeta 3 korisnika označavaju da im se sviđa
    Poništi
  6. proslijedio/la je Tweet
    8. lis 2019.

    Checkout the new version of IA32-VMX-Helper Now you can: - Apply proper symbolic constants and comments automatically - Search and explore MSR/VMCS by value or related Instructions in the IDA Gui!

    25 proslijeđenih tweetova 52 korisnika označavaju da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  7. 29. pro 2019.

    Christmas vacation, last final chapter of the new Windows Internals... this work is taking tooo long. A new blog post is on-going too.

    2 proslijeđena tweeta 34 korisnika označavaju da im se sviđa
    Poništi
  8. proslijedio/la je Tweet
    20. pro 2019.

    Debugging Windows Server 2019 Hyper-V shielded guest OS using LiveCloudKd EXDi plugin (breakpoints and single-step operations while).

    13 proslijeđenih tweetova 37 korisnika označava da im se sviđa
    Poništi
  9. 15. pro 2019.

    This caught my attention...

    Pretty good workshop, describing Windows drivers DSE bypassing! It allows run LiveCloudKd with own hvmm.sys driver on Windows Server 2019 with Dec 2019 patches and Secure Boot enabled.
    Prikaži ovu nit
    1 proslijeđeni tweet 2 korisnika označavaju da im se sviđa
    Poništi
  10. 13. pro 2019.

    This is cool. Give it a try!

    New WinDbg Preview rolling out! Biggest addition - a new timelines window for visualizing when things like exceptions, memory accesses, breakpoints, and function calls occur in your trace. Also quick at-a-glance tooltips for each event just by hovering!
    1 proslijeđeni tweet 11 korisnika označava da im se sviđa
    Poništi
  11. proslijedio/la je Tweet
    12. pro 2019.

    1 reply 23 proslijeđena tweeta 57 korisnika označava da im se sviđa
    Poništi
  12. 10. pro 2019.

    Woooa.... Those damn handles :-)

    I decided to create a tutorial called "Reversing Windows Internals" and explain about Windows Internals. The first part describes about Handles, Callbacks and Hidden Callbacks and ObjectTypes in Windows Thanks to for answering my questions.
    2 proslijeđena tweeta 5 korisnika označava da im se sviđa
    Poništi
  13. proslijedio/la je Tweet
    22. stu 2019.

    Mac secure boot (with two world firsts: DMA defense from PCIe Bus 0, and the Option ROM sandbox), iOS kernel integrity, Pointer Auth Codes (PAC), APRR register, Page Protection Layer (PPL), and novel Find My crypto — all in my slides from Black Hat 2019!

    8 replies 217 proslijeđenih tweetova 632 korisnika označavaju da im se sviđa
    Prikaži ovu nit
    Prikaži ovu nit
    Poništi
  14. 19. stu 2019.

    Good introduction article by . Secure Launch is in the new Windows Internals book under its original name, Trusted Boot... A lot of "* Guard" in these days... my head is spinning :-)

    1 reply 1 proslijeđeni tweet 18 korisnika označava da im se sviđa
    Poništi
  15. 17. stu 2019.

    My CPU is too fast for Sammy :-)

    2 korisnika označavaju da im se sviđa
    Poništi
  16. 13. stu 2019.

    Interesting reading... use an emulator to emulate UEFI code...

    It's finally out! Crafting an EFI Emulator and Interactive Debugger -> . Enjoy :-)
    1 proslijeđeni tweet 6 korisnika označava da im se sviđa
    Poništi
  17. proslijedio/la je Tweet
    7. stu 2019.

    When mitigations happen to mitigate more than they were really intended to :) Great post about KVA shadow breaking some assumptions of kernel payloads

    Fixing Remote Windows Kernel Payloads to Bypass Meltdown KVA Shadow
    15 proslijeđenih tweetova 51 korisnik označava da mu se sviđa
    Poništi
  18. 31. lis 2019.

    Naaahhhh I can't believe it.... Someone reversed my feature. Be ready, IBRS, IBPB, STIBP are coming too. I feel important now, thanks :-)

    Ever wondered what NOPE looks like in code form? 19002 (left) vs 19013. I guess the world isn't ready for VTL1 protected memory yet.
    1 reply 6 proslijeđenih tweetova 23 korisnika označavaju da im se sviđa
    Poništi
  19. 28. lis 2019.

    Ahahaha MiReloadBootLoadDriver... I guess who wrote that :-)

    Hey, I just uploaded a couple of articles on DeviceGuard/WDAC internals in the Windows-Insight repo: . More articles on WDAC internals focusing on the most recent implementation (incl. new policy file management, driver blacklisting etc.) coming soon!
    1 proslijeđeni tweet 8 korisnika označava da im se sviđa
    Poništi

@aall86 još nije objavio nijedan Tweet.

Čini se da učitavanje traje već neko vrijeme.

Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.

    Možda bi vam se svidjelo i ovo:

    ·