$ ls ./investigations
Selected Work
Featured Investigations
Windows Hyper-V Information Disclosure
Unintentional kernel-memory read from a user-mode process in Hyper-V. Reported to MSRC and fixed in the June 2026 update.
Unintended Driver Load Paths
Kernel-level vulnerability stemming from unintended driver load paths in the Netskope client.
Reversing a Microsoft-Signed Rootkit: The Netfilter Driver
How a malicious driver slipped through Microsoft attestation signing — WFP-based IP redirection, its C2 channel, and what Microsoft tightened afterward.
LockBit Operator Privacy Analysis // writeup forthcoming
Intrusion insights drawn straight from leaked LockBit operator chats.
Malware in a VPN Appliance?! (Ivanti Connect Secure)
Reverse engineering implants planted in an Ivanti Connect Secure appliance.
Semantic engine — 58 YAML rules across 22 vulnerability categories — detects fix patterns in driver patches.
Knowledge base — 28 Windows kernel driver case studies grounded in real CVEs.
Structural analysis — classifies driver frameworks, scores attack surface with 22 weighted rules.
Production pipeline — Karton + MWDB + Ghidra + MinIO orchestration and alerting.