Yarden Shafir @yardenshafir

Haven’t uploaded them but happy to do that if you find them useful on their own :)

29.05.2025 16:38 — 👍 2 🔁 0 💬 1 📌 0

YouTube video by Microsoft Israel R&D Center BlueHat IL 2025 - Yarden Shafir - Look, Ma—No Privileges! How Windows Gives You Kernel Pointers...

Looks like BlueHatIL talks are online now, so here’s my talk for anyone who wanted to learn about the latest episode of KASLR and couldn’t make it: www.youtube.com/watch?v=Dk2r...

29.05.2025 01:30 — 👍 8 🔁 3 💬 1 📌 0

I wonder if Google maps can give me driving directions to TraceView, Tennessee

25.04.2025 18:53 — 👍 1 🔁 0 💬 0 📌 0

AI search engines are the future

25.04.2025 17:54 — 👍 3 🔁 0 💬 1 📌 0

Microsoft threat actor found in the wild

07.04.2025 05:17 — 👍 7 🔁 0 💬 0 📌 0

To me this looks like an oversight by Microsoft, not an intentional thing, but I’m not sure windows defender ever blocked any drivers through the ELAM callback so I don’t know if this changes much.

Other EDRs: do you use the ELAM blocking functionality or only use it for the cert?

03.04.2025 10:13 — 👍 3 🔁 0 💬 0 📌 0

Wdboot.sys driver entry, function is empty and has no functionality.

For about a year now, WdBoot.sys essentially does nothing. Microsoft installs 2 versions:
- \System32\drivers\wdboot.sys is the “full”, functional version
- \System32\drivers\wd\wdboot.sys is the “empty” version, which is the one being updated and loaded.

Does anyone know the reason behind this?

03.04.2025 10:12 — 👍 2 🔁 1 💬 2 📌 0

The dying words of the American empire will be “I don’t think this code does anything. I’ll go ahead and delete that.”

29.03.2025 04:47 — 👍 17 🔁 0 💬 1 📌 0

Oh look they’re going to vibe program the SSA systems. I’m sure this will be perfectly fine and will cause no issues.

29.03.2025 04:46 — 👍 6 🔁 0 💬 0 📌 0

Knowing they eat steak makes them even scarier

22.03.2025 01:21 — 👍 1 🔁 0 💬 0 📌 0

Kookaburra

This cute little thing sounds like a witch laughing in a dark forest and has tried to kill me twice so far

20.03.2025 14:03 — 👍 10 🔁 0 💬 1 📌 0

I was told Australia is scary but didn’t expect to land and immediately get threatened by a public bus

16.03.2025 02:04 — 👍 7 🔁 1 💬 0 📌 0

Windows is going through some stuff right now

06.03.2025 21:33 — 👍 1 🔁 0 💬 1 📌 0

Blog: Zen and the Art of Microcode Hacking This blog post covers the full details of EntrySign, the AMD Zen microcode signature validation vulnerability recently discovered by the Google Security team.

"Zen and the Art of Microcode Hacking"

Tragic signature bypass enables custom microcode loading on AMD processors, and a tool to do it. The blog is extremely well written and provides concise explanations of topics mentioned + plenty of resources! A must read.

bughunters.google.com/blog/5424842...

06.03.2025 02:32 — 👍 36 🔁 12 💬 0 📌 0

Small anecdote about thread priorities and throttling on Windows 11:
I’m downloading a large file.
Estimated time left: 28 minutes.
Open notepad, put it as the front window. Download time left: 57 minutes.
Close notepad, browser back in front. Time left: 27 minutes.

06.03.2025 20:21 — 👍 3 🔁 0 💬 1 📌 0

I’m not saying you definitely have to go to @BlueHatIL this year, I’m just letting you know it’s free, by the beach and I’ll be there dropping kernel pointers to anyone who asks nicely

05.03.2025 23:07 — 👍 5 🔁 0 💬 0 📌 0

Meet Rayhunter: A New Open Source Tool from EFF to Detect Cellular Spying Rayhunter is a new open source tool we’ve created that runs off an affordable mobile hotspot that we hope empowers everyone, regardless of technical skill, to help search out cell-site simulators (CSS...

I work with cool people who do cool things: www.eff.org/deeplinks/20...

05.03.2025 22:32 — 👍 327 🔁 104 💬 14 📌 9

Celebrating flat fuck Friday

28.02.2025 21:21 — 👍 10 🔁 1 💬 1 📌 0

Wanted to live tweet so bad but also didn’t wanna look away from the show it was so good. And the best singer in this was Janet!

20.02.2025 18:03 — 👍 1 🔁 0 💬 0 📌 0

Not that I saw but there were some of the usual shout outs and the narrator responded to all of them

19.02.2025 21:25 — 👍 1 🔁 0 💬 0 📌 0

“It was a strange night… how strange? As strange as the strangest thing going through Trump’s head”

19.02.2025 20:19 — 👍 0 🔁 0 💬 0 📌 0

This is a full theatre production, live singing and all. This is everything I could ever ask for.

The narrator is brilliant and I’m crying laughing.

19.02.2025 20:19 — 👍 1 🔁 0 💬 2 📌 0

Going to a Rocky Horror show in a quiet UK town and the crowd is almost entirely old British people so I’m expecting an incredible time

19.02.2025 19:33 — 👍 7 🔁 0 💬 2 📌 0

BlueHat IL 2025- Congratulations- your submission to the main hall was accepted!

🎉🎉

16.02.2025 08:56 — 👍 10 🔁 0 💬 0 📌 0

More baking!

09.02.2025 18:15 — 👍 6 🔁 0 💬 0 📌 0

Every single Canadian stereotype is correct. It is -4c (24f) today and I've seen one people walking around in shorts and another one in a short-sleeved t-shirt. Not a single person is wearing a hat.

07.02.2025 19:38 — 👍 0 🔁 0 💬 0 📌 0

Did a bit of baking this weekend

02.02.2025 14:20 — 👍 6 🔁 0 💬 0 📌 0

Of course!

31.01.2025 15:30 — 👍 1 🔁 0 💬 0 📌 0

Good morning

29.01.2025 16:35 — 👍 4 🔁 0 💬 0 📌 0

Does anyone know companies hiring for entry level roles (in Canada/remote)? And I mean *real* entry level, not degree + 2 certs + 3 years experience “entry level”.

Not just cybersecurity, any entry level roles at all, in any area.

27.01.2025 16:40 — 👍 1 🔁 0 💬 1 📌 0

Yarden Shafir

Latest posts by yardenshafir.bsky.social on Bluesky

@yardenshafir is following 20 prominent accounts