News Posts matching #AMD Flaws


CTS-Labs Posts Ryzen Windows Credential Guard Bypass Proof-of-concept Video

CTS-Labs, following up on Tuesday's "Masterkey" exploit proof-of-concept video, posted a guide to bypassing Windows Credential Guard on an AMD Ryzen-powered machine. We once again begin in a privileged shell session on an AMD-powered machine whose Secure Processor has been compromised, using admin privileges, by exploiting any of the 13 vulnerabilities chronicled by CTS-Labs. Mimikatz, a tool that is used by hackers to steal network credentials, should normally not work on a machine with Windows Credential Guard enabled. Using a modified version of Mimikatz, the CTS-Labs researchers are able to bypass Windows Credential Guard (which relies on hardware-level security features present on the processor) by leveraging the AMD Secure Processor malware microcode they wrote.
The proof-of-concept video follows.

Viceroy Research and CTS-Labs Make Their Positions Known on "AMD Flaws"

In separate interviews with Vice Motherboard, Viceroy Research, the AMD stock short-seller that posted an obituary of AMD, and CTS-Labs, which claims AMD "Zen" architecture is infested with glaring security vulnerabilities, crystallized their financial positions on "AMD Flaws." CTS-Labs and Viceroy Research each went on record to state that they have no financial relationship with each other. "Viceroy [Research] is not a client of CTS[-Labs], and CTS[-Labs] did not send its research to Viceroy [Research]," said Yaron Luk, co-founder of CTS-Labs. Luk confirmed, however, that his company's business model involves sharing its cyber-security research with stock research firms (like Viceroy Research), which probably use the information to short tech stocks (a highly unethical though not yet illegal practice). "We are a for-profit company that gets paid for its research by a variety of research clients," Luk stated.

It's becoming increasingly clear that entities other than AMD had access to CTS-Labs' work, at least the report, if not the "research package," more than 24 hours before public disclosure (i.e. before even AMD could see it). One such entity, referred to as an "anonymous tipster" in the Motherboard report, "shared" the information with Viceroy Research, which quickly bought itself a shorting position against the AMD stock and posted a 25-page doomsaying report to accelerate the fall of AMD stock (which isn't quite happening at the time of writing this post). Viceroy Research is brazen about its position on the matter. "We haven't hidden the fact that we short the stock," said Fraser Perring, founder of Viceroy. Cybersecurity guru Alex Stamos, who is associated with Facebook, tweeted, without naming names, an ominous warning that short-selling-fueled security research "is going to end in tears. Hopefully due to lost money, and not because naive researchers go to prison." Does this foretell new regulation by the SEC that renders Viceroy's position into a black-hole for their money? The SEC has taken a great interest in the behavior of tech corporations and investors around cyber-security research.