Security researcher focused on defensive tooling at the lowest layers of the system: hypervisors, kernel structures, and binary internals.

What I Work On

Most of my public research is in two areas: hypervisor-based security using Intel VT-x/EPT concepts, and Windows detection engineering through CRT analysis, vtable integrity checks, and PEB monitoring.

I also spend time in IDA Pro reconstructing C++ class hierarchies and tracing control flow in stripped binaries. The reverse engineering work feeds directly into detection research: you cannot build good detections without understanding the technique at the binary level.

Tools

IDA Pro, WinDbg, x64dbg, Ghidra, Visual Studio, Hyper-V, Process Monitor, Volatility, Sysmon, ETW

Focus Areas

  • Hypervisor security research: Intel VT-x, EPT, VMCS
  • DLL injection detection and CRT/NoCRT analysis
  • Windows internals and PEB forensics
  • Vtable integrity and COM interface monitoring
  • C++ binary structure reconstruction

Responsible Use

The public projects on this site are defensive research prototypes for authorized labs, malware-analysis environments, and security education. They do not include exploitation, persistence, ransomware, credential theft, or mass-exfiltration tooling.

Contact