My DFIR Blog

Disk encryption: wide-block modes, authentication tags aren’t silver bullets

Symlink attacks without code execution

CVE-2025-21210 aka CrashXTS: a practical randomization attack against BitLocker

Multiple vulnerabilities in AMI file system drivers

Vulnerabilities in 7-Zip and ntfs3

Operation-based prefetching

CVE-2023-4001: a vulnerability in the (downstream) GRUB boot manager

Bringing unallocated data back: the FAT12/16/32 case

CVE-2023-45897: a vulnerability in the Linux exFAT userspace tools

CVE-2023-4692, CVE-2023-4693: vulnerabilities in the GRUB boot manager