Microsoft Azure attestation service in INSANELY powerful. You can write a policy to block/allow/etc. a device that doesn't have EXACTLY the security policy you want for a huge host of services (e.g., AAD) Policies can be based on data that's protected in the Windows TPM or VB

Some more great wisdom from John Lambert ⬇️⬇️

The video of my BlueHat IL talk about MTE is now published! Technical overview of the extension, applications, security properties, and practical examples. Check it out :) youtube.com/watch?v=LV8BK1…

The coolest thing about this is that it highlights the actual unsafe operation in the color specified. This makes it really easy to tell what in an unsafe block is an unsafe operation!

Summarizing Windows 11 Security Announcements: ✅Pluton SHIPPING ✅HVCI/VBS on default ALL CPUs ✅Credguard default ON ✅LSASS Protection default ON ✅EXE signed or rep REQUIRED ✅Script Blocking from Internet ON ✅Enhanced Phishing ON ✅File Layer Encryption with Hello ON

Today we're sharing our Year in Review of 0-days exploited in-the-wild in 2021. Here's our takeaways from this record breaking year. googleprojectzero.blogspot.com/2022/04/the-mo…

We're super excited to announce the release of snmalloc 0.6.0 with a load of new security features that no other allocators have. We have a small write up of the features: github.com/microsoft/snma… 🧵(1/5)

I'll be talking at Blackhat about CastGuard, a pretty sweet mitigation for deterministically preventing illegal downcasts in C++. Inspired by Clang's cfi-cast-derived but heavily optimized and some security improvements. blackhat.com/us-22/briefing…

Rust is coming to Azure Sphere - Azure's secured IoT platform! techcommunity.microsoft.com/t5/internet-of…

I've uploaded the slides from my BlackHatUSA talk about CastGuard. There's a bunch of stuff in the appendix that I didn't have time to discuss: github.com/microsoft/MSRC…

What can I say? A beautiful day talking about HVCI & kernel exploitation at BSides in Kansas City, Missouri, meeting people passionate about security, and (most importantly) hanging with my fiancé. Slides: github.com/connormcgarr/P… Supporting blog: connormcgarr.github.io/hvci/

Please RT for reach.

Major step forward for hardware security: Microsoft, AMD, Google and Nvidia partner to create Caliptra, an open source root of trust (RoT) with specification in Open Compute Project, and open source firmware (in Rust) and RTL coming in CHIPS Alliance azure.microsoft.com/en-us/blog/del…

This post by Ian Levy is worth your time. Ian's contributions to cyber-security are immense. Brilliant, broad-ranging, and armed with a communication style that is, shall I say, to the point. Ian is an institution and I wish him the best of luck. 👉ncsc.gov.uk/blog-post/so-l…

As promised - our new CHERIoT (CHERI-RV32E) microcontroller and software stack is now open-source! I'm very excited about this work. Scaling CHERI down to small cores could be a life-changer to the IoT and embedded ecosystems. 🧵 aka.ms/cheriot-tech-r…

Time for a new blogpost! Let's do a CHERIoT walkthrough - including a straightforward setup, understanding how we kill bug classes and mitigating attacks on our minimal TCB through practical examples, and more fun! msrc.microsoft.com/blog/2023/02/f…

Looking for confidential virtual machines without the machine part? Confidential containers are now supported in our Azure Container Instance serverless container infrastructure! techcommunity.microsoft.com/t5/apps-on-azu…