Technical writeups on hypervisors, reverse engineering, and low-level Windows internals.

VMCS by Practice: Notes from Writing a Hypervisor

May 20, 2026

hypervisorvmxintelreverse-engineeringlow-level

EPT Internals: Understanding Intel’s Second Layer of Paging

May 18, 2026

hypervisoreptintelmemorylow-level

PEB Internals: What the Process Environment Block Reveals and Why Defenders Care

May 15, 2026

windowsinternalsdefensemalware-analysislow-level

VMT Hooking: How It Works and How to Detect It

May 12, 2026

windowshookingdetectioncppdefense

CRT vs NoCRT: How the C Runtime Helps Defenders Catch Injected DLLs

May 10, 2026

windowsdetectiondefensemalware-analysisdllcrt