featured post

How Windows Delivery Optimization's Trust Chain Can Be Broken Before It Starts

Windows Delivery Optimization's security model (chunk hashes, peer banning, retry logic) flows entirely from a single in-memory structure called the Pieces Hash File. Control that file, and every downstream verification check works in your favor. This research traces how to get there: from the DLL, through the unpinned SSL channel, to the third-party CDN infrastructure serving that file to every Windows 11 machine on the planet.

windows delivery-optimization supply-chain reverse-engineering maldev trust-chain cdn bgp-hijack windows-update vulnerability-research dosvc doclient PHF authenticode sigma
Mar 10, 2026  ·  25 min read  ·  336 views
Windows Internals · windows
