Andrew Case · Aug 16, 2020 · 11:24 PM UTC

Andrew Case @attrc

16 Aug 2020

My rootkit writing skills are quite rusty.. I have caused so many kernel panics today.. :| How did people do this before virtual machines??!?!

Hal Pomeranz · Aug 17, 2020 · 12:10 AM UTC

Hal Pomeranz · Aug 17, 2020 · 12:10 AM UTC

Hal Pomeranz @hal_pomeranz

17 Aug 2020

Replying to @attrc

Blue screens are how Microsoft got early notification of lots of malware in development

Aug 17, 2020 · 12:10 AM UTC

Andrew Case · Aug 17, 2020 · 7:15 PM UTC

Andrew Case @attrc

17 Aug 2020

My friend at a major browser vendor ran a similar team :)

Fran Donoso (@francisck@infosec.exchange) · Aug 17, 2020 · 8:07 PM UTC

Fran Donoso (@francisck@infosec.exchange) @Francisckrs

17 Aug 2020

And NSA just sniffed this and other crash dump traffic to get visibility into crashing implants not checking in: schneier.com/blog/archives/2…