Builder, Researcher, Teacherhttps://michaelbommarito.comen-ushttps://michaelbommarito.com/wiki/infosec/june-2026-patch-tuesday-patch-diffhttps://michaelbommarito.com/wiki/infosec/june-2026-patch-tuesday-patch-diffreverse-engineering microsoft's record june 2026 patch tuesday: localizing the headline network and kernel cves, and two systemic observations (velocity-flag-gated fixes, and a reachability correction on the wormable tcp/ip rce)Wed, 10 Jun 2026 12:00:00 GMThttps://michaelbommarito.com/wiki/infosec/glaurung-windows-driver-findingshttps://michaelbommarito.com/wiki/infosec/glaurung-windows-driver-findingsa running catalog of windows kernel-driver bugs found with glaurung, the binary-analysis toolkit — what each bug is, how the tool surfaced it, and an honest read on why microsoft did or did not act on it.Wed, 10 Jun 2026 00:00:00 GMThttps://michaelbommarito.com/wiki/infosec/ndfltr-networkdirect-offset-wrap-oob-readhttps://michaelbommarito.com/wiki/infosec/ndfltr-networkdirect-offset-wrap-oob-readglaurung found an integer-overflow-before-bounds-check in the windows NetworkDirect filter driver: a 32-bit (offset+length) validation that wraps while the use site applies the offset as a 64-bit addend, sending the source pointer ~4 GiB out of bounds. unprivileged on RDMA hosts, but a denial-of-service floor — and one of three candidate sites was a false positive we caught before disclosing.Wed, 10 Jun 2026 00:00:00 GMThttps://michaelbommarito.com/wiki/infosec/ndkping-null-deref-doshttps://michaelbommarito.com/wiki/infosec/ndkping-null-deref-dosglaurung flagged an ioctl dispatcher in the windows NDK diagnostic driver that loads Irp->AssociatedIrp.SystemBuffer and dereferences it without a null check. a METHOD_BUFFERED ioctl with zero-length input and output leaves SystemBuffer NULL, and every case body reads [NULL+0x28]. reproduced live as bugcheck 0x3B — but it is admin-only, which is exactly why microsoft will not fix it.Wed, 10 Jun 2026 00:00:00 GMThttps://michaelbommarito.com/blog/reading-all-of-notepad-with-an-llmhttps://michaelbommarito.com/blog/reading-all-of-notepad-with-an-llmsix months building glaurung, sixty distracted minutes using it: lift all of notepad.exe, rank candidates with an llm, confirm on ground-truth disassembly, reproduce a heap overflow live on a shipping binary — then honestly conclude microsoft should not fix it. a worked example of llm-assisted decompilation done without fooling yourself.Sat, 30 May 2026 00:00:00 GMThttps://michaelbommarito.com/wiki/chunklorishttps://michaelbommarito.com/wiki/chunkloriscross-ecosystem measurement of per-chunk / per-frame cpu cost in production http/1, http/2, http/3, and websocket servers under one-byte-per-chunk request bodiesFri, 22 May 2026 00:00:00 GMThttps://michaelbommarito.com/wiki/models/mimelens-pcap-classificationhttps://michaelbommarito.com/wiki/models/mimelens-pcap-classificationhow to identify file content type from a tcpdump pcap — including from a single 1.4 kb udp datagram — using the mimelens-medium-byte encoder.Fri, 22 May 2026 00:00:00 GMThttps://michaelbommarito.com/wiki/models/mimelenshttps://michaelbommarito.com/wiki/models/mimelenspretrained byte-level and bpe BERT encoders that classify file content from a 4 kb chunk anywhere inside a file — including a single 1.4 kb udp packet.Fri, 22 May 2026 00:00:00 GMThttps://michaelbommarito.com/wiki/per-chunk-amplification/actix-h2https://michaelbommarito.com/wiki/per-chunk-amplification/actix-h2HTTP/2 (h2c) DATA frames. actix-web (h2c) 4.x. verdict: batches correctly.Fri, 22 May 2026 00:00:00 GMThttps://michaelbommarito.com/wiki/per-chunk-amplification/actix-webhttps://michaelbommarito.com/wiki/per-chunk-amplification/actix-webHTTP/1.1 chunked transfer encoding. actix-web 4.x. verdict: vulnerable per chunk.Fri, 22 May 2026 00:00:00 GMT