
Posts by Alex Ionescu

Why North Korea Is Planning a Second Korean War and How to Stop It (YouTube video by Dmitri Alperovitch)

Why North Korea Is Planning a Second Korean War and How to Stop It

My deep-dive with @andreilankov and @DrRadchenko into North Korean regime, foreign policy, daily life, surveillance state, hackers and much more!

youtu.be/hqTbLkdysBo

1 year ago 62 13 0 3
Donate to Support Marc Rogers' Road to Recovery, organized by Katie Vogel: cjunkie (Marc Rogers) is an invaluable and beloved member of our hacker community: a…

www.gofundme.com/f/support-ma...

CJ is an old friend and a longtime cDc NSF member. He suffered a fall and broke his neck -- his insurance refused to pay for an MRI, which led to the break going undiagnosed for a couple of weeks, until his vertebrae had degraded to the point of quadriplegia.

1 year ago 40 33 2 1
The One Factor That Could Crash the Russian Economy (YouTube video by Dmitri Alperovitch)

The One Factor That Could Crash the Russian Economy

A new Geopolitics Decanted episode with a deep-dive into the Russian economy and how it's faring in 2025 and what leverage Ukraine might get to negotiate an acceptable peace deal with Putin
www.youtube.com/watch?v=VOYl...

1 year ago 105 24 6 5
Declawing PUMAKIT — Elastic Security Labs: PUMAKIT is a sophisticated loadable kernel module (LKM) rootkit that employs advanced stealth mechanisms to hide its presence and maintain communication with command-and-control servers.

This was a phenomenal breakdown of some novel Linux malware techniques.

www.elastic.co/secur...

1 year ago 27 12 3 1

Positive Technologies has developed a new attack that exploits the SD Express standard to gain access to a device's memory through its SD card reader

The DaMAgeCard attack exploits the fact that the new SD Express standard can operate in both SDIO and NVMe

swarm.ptsecurity.com/new-dog-old-...

1 year ago 59 24 4 4

ost2.fyi/Sponsorship....
Gold Sponsors & Windows Security Track sponsor Winsider Seminars & Solutions (@yardenshafir.bsky.social & @ionescu.bsky.social)

👇

1 year ago 2 2 1 0

Long time coming and a cast of hundreds (and a very deep tech stack) but CONGRATS to the team - it's the FIRST ARM64 for Windows build of Git!

1 year ago 235 36 5 3

There is glory in the unexpressed thought.

1 year ago 13561 830 625 75

www.whitehouse.gov/briefing-roo...

1 year ago 1 1 1 0

Now I kind of want to write an mIRC plugin

1 year ago 1 0 0 0

I have a legitimate question — given the incredible progress made by Windows on ARM64, it baffles the mind that this is running on an Intel SoC. Especially if it’s meant to be cheap and sustainable. Seriously — why?

1 year ago 12 1 0 0

As far as intelligence scandals come, and what’s coming… I’d take this scandal over any other, any time.

1 year ago 4 0 0 0

I think it’s « Mahalo, товарищ »

1 year ago 3 0 0 0
Pishi: Coverage guided macOS KEXT fuzzing. This blog post is the result of some weekend research, where I delved into Pishi, a static macOS kernel binary rewriting tool. During the weekdays, I focus on Linux kernel security at my job and would...

This awesome fuzzing blog post by @r00tkitsmm.bsky.social covers a super reliable macOS kernel binary rewriting to instrument any KEXT or XNU at BB or edge level. Mandatory reading for anyone interested in fuzzing whether you use MacOS or not. So many good system internals and fuzzing references!

1 year ago 37 15 2 0

Brought back memories 🥲

1 year ago 1 0 0 0
LSA and UEFI file signing - Windows drivers: Local Security Authority (LSA) plug-in and Unified Extensible Firmware Interface (UEFI) firmware signing.

LSASS now runs as PPL by default, and that DLL doesn’t have the appropriate signature. Unless you’re relying on Bonjour for AD auth you’re probably fine. Microsoft launched LSA PPL signing for 3rd parties back in Windows 8.1 in 2013: learn.microsoft.com/en-us/window...
It’s only been 11 years ;-)

1 year ago 4 0 1 0

Very excited to finally see this live! An incredible shift in cloud computing.

1 year ago 4 0 0 0

alright folks, the app code is now public

https://github.com/bluesky-social/social-app

2 years ago 1091 398 99 100

I own tools.zip and am trying to figure out what I should serve

2 years ago 0 0 0 0

Normally I would use a kernel debugger to look at the wait block and see what object it’s attached to. Is there an ETW event that might log that?

2 years ago 0 0 1 0

User Mode — into some sort of Ring 3 (non-kernel) service

2 years ago 0 0 1 0

I’m guessing this is an EDR or similar product that’s calling into UM for a response…

2 years ago 1 0 1 0

So first MSI has been found to ship their Secure Boot policy in “AlwaysExecute” mode on 300+ motherboards, and now they had their BootGuard private key leaked from their source repo (WHY is it in their repo? 🤦🏻‍♂️🤦🏻‍♂️🤦🏻‍♂️).

Between this and the DBX running out of space, UEFI firmware security needs a reboot.

2 years ago 6 0 0 0

Windows now has VBS/TPM protected token binding and you can finally now store private keys in hardware and make them truly non-exportable even by a privileged kernel attacker.

Great stuff from Dwizzzle: gist.github.com/dwizzzle/a1c4cf4b669053d...

2 years ago 5 0 0 0

@ washingtonpost dot com you read that right

2 years ago 629 79 69 34
SolarWinds: The Untold Story of the Boldest Supply-Chain Hack | WIRED

Probably one of the best pieces of reporting on the SolarWinds supply-chain attack. Excellent piece by Kim Zetter.

Highly recommended reading.

2 years ago 12 6 1 0

There’s still a UI bug, when writing a draft the blue button to save the draft still says “Reply” 🙄

2 years ago 1 0 0 0

Shitposting about other people’s security products/detection logic is the natural evolution/side trip of this.

2 years ago 0 0 0 0

Binge-watched BEEF last night on Netflix and everything from the soundtrack to the experience of being a first generation millennial immigrant from a similar cultural background was cathartic. I cried for hours. I can only imagine how much more this speaks to Asian Americans/Canadians.

2 years ago 3 0 0 0

0%

2 years ago 13 1 2 0