Home
Security researcher working on defensive tooling, virtualization security, and Windows internals.
I publish research notes and source prototypes for low-level defensive analysis: hypervisor-based memory monitoring, DLL injection detection through CRT analysis, vtable integrity checking, and Windows internals forensics.
Posts
- VMCS by Practice: Notes from Writing a Hypervisor
- EPT Internals: Understanding Intel's Second Layer of Paging
- PEB Internals: What the Process Environment Block Reveals and Why Defenders Care
- VMT Hooking: How It Works and How to Detect It
- CRT vs NoCRT: How the C Runtime Helps Defenders Catch Injected DLLs