AI 资讯
BYOVD Explained — How Attackers Use Signed Drivers to Kill EDRs
Your EDR sees everything. Process launches, thread injections, DLL loads, filesystem writes. It has eyes inside the kernel — little hooks that fire before anything consequential happens, passing information up to the agent, letting it decide whether to block or alert. Now imagine something reaches into that kernel and quietly removes the hooks. No crash. No blue screen. No alert. The EDR process is still running, the dashboard still shows healthy, but the inputs it depends on are just gone. This is part of windows internals I've been exploring — understanding how systems actually behave under the hood, not just how tools interact with them. That's not a Windows bug. That's a trust problem. BYOVD doesn't exploit Windows — it exploits trust. Ring 0 vs Ring 3 — The Boundary That Matters Windows splits execution into privilege levels. Your applications, your malware, your EDR agent — they all run in Ring 3, user mode. The kernel runs in Ring 0. In my previous posts, I focused on how processes and execution work from an attacker's perspective. This goes one layer deeper — into the kernel where those assumptions start to break. This isn't just organizational. The CPU enforces it. Ring 3 code cannot directly read kernel memory. It cannot call kernel functions. Every interaction goes through a controlled interface — syscalls — and the kernel decides whether to honor each request. This is why typical malware stays loud. It has to use syscalls. Syscalls can be intercepted and monitored. At Ring 0, security tools are just data structures. Get code running in the kernel and those data structures become writable. The callback tables EDRs rely on, the hook registrations, the minifilter stack — all of it is reachable, readable, modifiable. A Quick Personal Note on Why This Boundary Matters Early on when I was messing around with kernel concepts, I tried doing something simple from user mode — reading a memory address that I knew belonged to a kernel structure. The kind of thing th
AI 资讯
Learnings about authentication and authorization.
At the beginning of my Engineering career, I worked in a place where I had a lot of freedom to implement and experiment any technology I found interesting. I tried many technologies like PHP, Java, EJBs, SOAP, Rest and JavaScript. This gave me a lot of perspective, but I lacked the guidance and mentoring from more experienced developers. One of the most problematic things I built was a login. I would like to share in this document things that I did in the past so you understand why it is problematic and how I would build them today. Earlier Mistakes My First PHP Login. This is not a terrible option when using a single host, small project, but the biggest problem comes when we need to scale horizontally. Session variables exist only on the servers they are created. If you add more servers + Load Balancer, there is no guarantee that your requests go to the same server. In terms of vulnerabilities, if somebody manages to read your session id, they can impersonate you, act on your behalf. This is not really different from other methods like JWT so it is important to set up SameSite cookies or CSRF tokens, but do you think I did that for my first login ? of course NOT! My first Password storage. If you are thinking on implementing a login please NEVER do what I am about to describe: The first time I implemented a password, I was worried that somebody would find out the "actual" password. I wasn't actually thinking about using HTTP (instead of HTTPs), so my take on this was "encrypting" the password into MD5. Then the password was saved in MD5, but I was NOT doing anything different than just sending the password AS is. Let me explain the problems with this approach: Over HTTP an MD5 password can be read, and anybody can simply replicate the request with the same MD5 MD5 was actually NOT encrypting, it was a hashing. There are databases all over the internet mapping MD5 and other hashed passwords available so finding an MD5 can actually be translated to an actual password
AI 资讯
Microsoft’s open source tools were hacked to steal passwords of AI developers
Microsoft shut down dozens of GitHub code repositories for Azure and AI coding tools after a reported hack.
AI 资讯
Meta Deletes Face-Recognition System From Its Smart Glasses App After WIRED Report
The code WIRED identified is gone from the latest version of Meta AI, the companion app for the company’s smart glasses. Meta won’t say why or whether it’s coming back.
AI 资讯
WhatsApp says it caught new spyware attacks linked to NSO Group in violation of court order
The messaging giant announced that it disrupted a phishing campaign targeting its users with NSO’s spyware.
AI 资讯
AgentTrust ID is live
This weekend, AgentTrust ID went live in production. As of today, all five SDKs are published: pip install agenttrustid npm install @agenttrustid/sdkgo get github.com/agenttrustid/sdk/go cargo add agenttrustid # Maven / Gradle # id.agenttrust:agenttrustid:0.3.0 The SDKs are open source under Apache 2.0 at github.com/agenttrustid/sdk . The hosted platform is running at app.agenttrust.id in a controlled beta. Why I built this AI agents broke the assumptions that machine-to-machine security was built on. An API key answers one question: who is calling. It asks it once, at the door. An agent decides its next action at runtime, from context nobody wrote by hand. The same agent that summarized a document a second ago might now try to email it, delete it, or chain a task to another agent. A credential that only proves identity has no opinion about any of that. Agents need a decision at the action boundary : should this specific action happen, right now, on whose behalf . Answered at runtime, every time, with an audit trail and a kill switch. What's running Everything below is live in production today, not a roadmap: Per-action authorization. Every consequential action passes a pre-flight check. The Guardian pipeline routes each action by risk: deterministic rule checks for the common path, a policy engine for mutations, and AI-backed review for destructive operations. Fail-closed where it counts. Opaque, instantly revocable tokens. Credentials are at_ references with no standing authority of their own . The server decides on every use, so revocation is one call, effective immediately. Scoped delegation. When one agent hands work to another, the grant narrows instead of copying : subset scopes, independent TTLs, independently revocable, bounded chain depth. Read-only sessions with time-boxed elevation. Sessions start safe and rise only on approval, for a bounded window, then revert on their own. One model across surfaces. MCP tools, agent-to-agent calls, and direct API inte
AI 资讯
The Developer's Guide to Environment Variables and Secrets Management
Why This Deserves More Attention Than It Gets Credential leaks are one of the most common and preventable security incidents in software. Bots actively scan GitHub for newly pushed API keys, database URLs, and private credentials — and they find them within minutes of a commit going public. Rotating compromised credentials is painful, and in some cases the damage is done before you even realize what happened. This isn't just an enterprise problem. It happens on solo side projects, open-source repos, and internal tools at startups. And the root cause is almost always the same: someone treated secrets like regular configuration and didn't have a clear strategy for keeping them out of version control, logs, and error messages. The patterns in this guide aren't bureaucratic overhead. They're the minimum viable approach for any app that talks to a real database or a real API. What Environment Variables Actually Are An environment variable is a key-value pair that lives in a process's environment — a set of values the operating system makes available to any running program. Every process inherits the environment of the process that spawned it. In Node.js, you access them through process.env : const port = process . env . PORT ; const dbUrl = process . env . DATABASE_URL ; In Python: import os port = os . environ . get ( ' PORT ' ) db_url = os . environ . get ( ' DATABASE_URL ' ) The core idea — and the reason env vars are the standard approach — is that they decouple what the app does from where it runs . The same application code can point at a local development database or a production cluster. The code doesn't change; only the environment does. This is the heart of the 12-Factor App principle: store config in the environment, not in the code. The .env File: What It Is and What It Isn't In local development, you don't set environment variables by hand before every terminal session. Instead, you use a .env file — a plain text file at the root of your project with one key
AI 资讯
Hackers likely hijacked over 20,000 Instagram accounts with Meta’s AI chatbot
Hackers likely took over 20,225 Instagram accounts using Meta's AI support chatbot, the company confirmed in a notice filed with the state of Maine. In the notice, spotted earlier by Bleeping Computer, Meta blames a "bug" for the exploit that allowed attackers to hijack accounts without two-factor authentication simply by asking the chatbot for a […]
创业投融资
Massachusetts votes to pass new privacy rights bill that bans sale of precise location data
The bill is expected to blanket-ban companies and startups from selling people's precise location data across the state.
AI 资讯
Article: Artificial Intelligence-Driven Phishing: How Phishing Technique Is Evolving and Implemented
In this article, the author examines how AI is transforming phishing from a manual, targeted activity into an automated and scalable attack model. The article breaks down each stage of the phishing lifecycle, showing how AI improves reconnaissance, profiling, content generation, delivery, and interaction, while outlining layered defenses that combine controls, processes, and user awareness. By Marco Rizzi
AI 资讯
How a Slow Office VPN Led Me to File a US Patent
This is the story of how a mundane complaint — "the VPN is slow" — turned into a US patent application. Not a granted patent. An application . I want to be precise about that from the start, because the distance between the two is the whole point of this post. It started with a slow VPN The company I work for had an internal VPN that everyone routed through. It lived in the Tokyo office, it was old, and it was not something I built. Then the complaints started arriving — from a lot of people, all saying the same thing: it's slow. I work from Thailand most of the time. That detail matters. If that aging box in Tokyo had fallen over, I would have been the person furthest from the power button, in the worst position to fix it. A slow VPN is annoying. An unreachable VPN, when you're a few thousand kilometers away, is a real problem. So I started moving it to the cloud. I stood up a WireGuard VPN — modern, fast, and something I could actually reason about and operate remotely instead of inheriting a black box. Down the WireGuard rabbit hole Around that time I was deep into building my own iPhone apps. So the cloud migration turned into a personal project on the side: I built my own server and wired WireGuard into an iPhone app of my own. And to do that properly, I started studying how WireGuard actually works under the hood — the Noise protocol, the handshake, the key exchange. That study is where everything else came from. I wasn't trying to invent anything. I was just trying to understand the thing I was now responsible for. The SYN flood that primed my brain Not long before, the same company had been hit with a SYN flood attack. If you've dealt with one, you know it lodges the mechanics of connection handshakes firmly in your head — the back-and-forth, the round trips, the cost of every "hello" before any real data moves. So I had handshakes on the brain. And then, reading through how WireGuard establishes a session, a thought stopped me: Wait — does it really handsha
开发者
All the Ways Europe Is Ditching American Technology
A WIRED timeline shows how dozens of governments, companies, and other organizations across Europe are moving, or planning to shift, away from US Big Tech.
AI 资讯
This Month in Networking - May 2026
Quiet Defaults, DNSSEC Cracks, and Agents in the Data Plane I read the AWS Nitro V6 TCP timeout change twice before I believed it. Default went from 432,000 seconds to 350 seconds. Five days to six minutes. On the newest instance family. Quietly, in release notes most people won't read until something breaks. That sort of set the tone for May. No flagship launch to anchor the month around. What there was a lot of: defaults moving in places vendor press releases don't celebrate. Post-quantum crypto pushing into campus boot chains. Every cloud vendor shipping some flavor of agentic-networking pattern. The .de TLD briefly breaking because of DNSSEC. None of it announced loudly. All of it the kind of thing that breaks production at 2am if you weren't paying attention. What Moved This Month Three things, fast. Post-quantum crypto left the VPN tunnel. Cisco's full-stack PQC for campus and branch is the next chapter after April's PQ IPsec story — boot, firmware signing, supply chain attestation, and transport-layer crypto all moving together. If your campus has mixed-vintage gear (which is basically everyone), this is multi-year partial coverage with no clean switchover. Agentic networking became a real category. Cloudflare's Town Lake / Skipper writeup and Claude Managed Agents , Palo Alto's Portkey-based unified AI Gateway , and AWS's Bedrock AgentCore connectivity patterns all dropped this month. The right question stopped being "can my agent reach the model" and became "what IAM blast radius does this agent have if it gets prompt-injected." DNSSEC had a rough month. The .de TLD broke briefly, the DNSSEC root key was rolled, and Cloudflare also debugged a QUIC CUBIC death spiral that was hiding in plain sight. The Internet's core had a louder month than usual, and not in a good way. 1. Agentic AI Is Now Actually A Networking Problem An agent in production isn't a fancy chatbot. It's a thing that calls APIs, reads logs, accesses SaaS data, and sometimes writes back to sy
AI 资讯
Detecting PII in Real-World Text
In Part 1 we installed Presidio and ran a basic detection on clean sample text. Real data is messier. Emails have signatures with phone numbers buried in HTML. Support tickets mix PII with technical jargon. Chat logs have informal name references that NER models struggle with. And sometimes the PII isn't in text at all. It's in screenshots and scanned documents. This part covers how Presidio's detection engine actually works under the hood, how to process different text types you'll encounter in production, and how to handle structured data and images. How the Analyzer Engine Works Presidio doesn't rely on a single detection method. It layers three approaches and combines their results. Named Entity Recognition (NER) The NER model (spaCy by default) processes the text and identifies entities based on the language model's training. It's good at catching names, locations, and organizations even when they don't follow a fixed pattern. "John Smith" is easy. "Dr. J. Martinez-Garcia" is harder but the NER model handles it because it understands context and word patterns. The tradeoff is that NER is probabilistic. It can miss unusual names or flag common words as entities. That's why Presidio doesn't stop here. Pattern Matching (Regex) For entities with predictable formats, Presidio uses regex recognizers. Credit card numbers, SSNs, email addresses, IP addresses, phone numbers all have known patterns. A Luhn-validated 16-digit number is almost certainly a credit card. A string matching \d{3}-\d{2}-\d{4} in the right context is probably an SSN. Pattern-based detections typically get higher confidence scores than NER detections because the pattern itself is strong evidence. Context Scoring Here's where it gets interesting. Presidio looks at the words surrounding a potential match to boost or lower confidence. If the text says "my SSN is 123-45-6789," the phrase "my SSN is" provides strong context that the number is actually a social security number and not some random ID. Th
AI 资讯
32/60 Days System Design Questions!
Your startup just got its first SOC 2 audit. The auditor asks: "Where are your database passwords, API keys, and service tokens stored?" Your senior engineer goes quiet. Turns out half of them are in .env files committed to git 18 months ago. Three are hardcoded in Lambda environment variables. One is in a Slack message from 2023. You have 6 services in production, 4 environments, and zero rotation policy. Here's the setup: • NestJS API → Postgres (password in env var) • NestJS API → Stripe (API key in env var) • Background workers → SQS, S3 (AWS credentials in env var) • 3rd-party webhooks → HMAC secrets in env var • Zero rotation. Zero audit trail. Zero centralized access control. You need to fix this. And you can't take downtime. A) Move everything to AWS Secrets Manager — SDK calls at runtime, IAM controls access, auto-rotation built in. B) Use HashiCorp Vault — dynamic secrets, fine-grained policies, works across any cloud or on-prem. C) Use environment variables injected at deploy time via CI/CD — secrets stored in GitHub Actions / GitLab CI secrets vault, never touch disk. D) Encrypt secrets with KMS and store ciphertext in your own database — decrypt at runtime, full control. All four are used in production at real companies. Pick one — A, B, C, or D — and tell me why. I'll drop the full breakdown in the comments. If your team is having this argument right now, share this post. Someone needs to see it. Drop your answer 👇 30DaysOfSystemDesign #SystemDesign #BackendEngineering #CloudArchitecture
AI 资讯
Why I stopped pasting into online Fake Data Generator tools
Every online Fake Data Generator tool I used had the same quiet flaw: whatever you paste gets POSTed to someone's server. For a Fake Data Generator, that paste is often exactly the sensitive thing — a token, a config, an API response. So I built Fake Data Generator to not do that. Generate fake names, emails, UUIDs, addresses — custom columns, CSV/JSON export. 100% browser-side — and it runs entirely in your browser, so there's nothing to send and nothing to breach. You don't have to take my word for it: open DevTools → Network, use the tool, and watch the tab stay empty. One HTML file, View-Source-able. https://faker.platotools.com/ It's part of platotools.com — a set of single-purpose, client-side dev tools. Feedback and edge-case bug reports very welcome.
AI 资讯
Stop the Leak: How I Built a Zero-Trust Kill Switch for Windows Using Only PowerShell
The Problem If you've ever audited your Windows network traffic during a boot-up sequence, you know the truth: there's a "blind spot." Between the moment your network drivers initialize and your VPN/WireGuard tunnel actually establishes, your traffic is leaking. Many third-party solutions exist, but they are often bloated, use proprietary binaries, or act as black boxes. I wanted something transparent, native, and bulletproof. The Solution: WG-KillSwitch I developed a pure PowerShell-based kill switch architecture. It doesn't rely on third-party libraries—it uses native Windows system components to enforce security. Key Architectural Features: Zero-Trust Firewall Matrix: Hardens the system by blocking all outbound traffic by default, allowing only authenticated tunnel traffic. WMI Persistent Watchdog: Unlike standard scripts that can be killed via Task Manager, this project uses WMI Event Subscriptions. If the watchdog process is terminated, Windows itself immediately respawns it. Resilience: Survives hard reboots, modem resets, and Windows service cycling. Resilience & Leak Testing I've put this through a gauntlet of tests: Forced Reboots: Zero leaks detected during driver load. Process Termination: The WMI engine restores the protection in milliseconds. Dynamic Network Resets: The firewall matrix remains active regardless of adapter status. Let's Collaborate This is open source, transparent, and built for the community. I'm looking for security audits and feedback. Check out the source code, open an issue, or submit a PR: https://github.com/ryderlacin-pixel/Windows-WireGuard-KillSwitch
科技前沿
Hacked, leaked, and held for ransom: the worst breaches of 2026 so far
From a massive DOGE data breach and the hacking of critical energy and water systems to the hack of an FBI surveillance system, here are the most damaging security incidents and data breaches of 2026.
AI 资讯
What a policy gate catches in AI-generated code, and what slips through
I maintain an open-source GitHub Action called vorsken. It does one thing: scan the diff on a pull request with Semgrep, apply a fixed policy, and return BLOCK, FLAG, or PASS. No dashboard, no model that drifts over time. Rules at ERROR/HIGH/CRITICAL severity block the merge, WARNING/MEDIUM flag it, the rest pass. Same diff, same verdict. The usual pitch for a tool like this is that it catches the SQL injection your AI assistant wrote. I wanted to see what it actually catches against real assistant output, so I generated 28 functions and ran them through. The test Seven backend tasks: a FastAPI upload endpoint, a URL-fetch helper, JWT auth, a SQL filter, an ImageMagick subprocess call, a LangChain file agent, and a LangChain RAG pipeline. I generated each one four times, with ChatGPT (GPT-5.5 Instant), Claude Code (Opus 4.8), Claude Code plus the security-guidance plugin, and Cursor (Composer 2.5). Single-shot, neutral prompt, no security hints. Then I scanned all 28 with the same ruleset. I'm reporting which rule fired on which file, not whether some model thinks the code is safe. That part you can reproduce. Task ChatGPT Claude Code + plugin Cursor Verdict file upload — — — — PASS url fetch (SSRF) ssrf ssrf ssrf — FLAG / Cursor PASS jwt auth api8 api8 — — BLOCK / 2 PASS sql filter — — — — PASS imagemagick — — — — PASS fs agent — overperm — — 1 BLOCK / 3 PASS rag dangerous dangerous dangerous dangerous BLOCK 7 BLOCK, 3 FLAG, 18 PASS across 28 functions. The basics were fine SQL filter, ImageMagick, file upload: clean on every tool. The SQL was parameterized, the subprocess calls passed argument lists instead of shell strings, the uploads weren't doing anything reckless. If you still expect current models to spray SQL injection across a straightforward CRUD task, they don't. On conventional work they get it right. Two of the flags are soft. The JWT api8 hits landed on a SECRET_KEY = "CHANGE_ME" placeholder, which you can read as a false positive or as a gate doing i
AI 资讯
The Hypervisor Is Becoming a Policy Enforcement Point
Most organizations still think of the hypervisor as a resource abstraction layer. CPU. Memory. Storage. The platform that decides where workloads run. That mental model is increasingly incomplete. Every major virtualization platform — vSphere, AHV, Proxmox — has been steadily accumulating policy enforcement responsibilities. The hypervisor isn't just deciding where workloads run. It's increasingly deciding what they're allowed to do. The Speed of the Shift Is the Real Story Virtualization practitioners already know security controls have moved downward through the stack. What's less appreciated is how compressed the most recent phase has been. For years, hypervisors enforced resource allocation. Within a single platform generation cycle, that same layer accumulated encryption policy enforcement, workload trust validation, microsegmentation, secure boot enforcement, host attestation, and workload isolation boundaries — not as optional add-ons, but as core platform capabilities. The perimeter-to-OS transition took decades. The hypervisor accumulated a comparable policy enforcement surface in the time between one major vSphere release and the next. That compressed timeline is what creates the ownership lag — the governance model adequate for a resource scheduler has not caught up to a platform that enforces organizational policy. The Hypervisor Now Makes Binding Decisions The distinction that matters: a platform that observes policy versus a platform that enforces it. The hypervisor is no longer observing. It is enforcing. VM fails attestation → workload does not start. Encryption policy mismatch → workload cannot migrate. Segmentation policy violation → communication blocked at the platform layer. Trust validation failure → host removed from workload eligibility. Those are not scheduling decisions. Those are governance outcomes. The workload doesn't get a vote. This is what makes the hypervisor governance infrastructure : infrastructure that directly enforces organiza