 
                                                           o88                         ooooooo     ooooooo
 ooooooooo8 oooo   oooo ooooooooo8 oo oooooo    oooooooo8 oooo  oo oooooo    ooooooo o88    888o o88    888o
888oooooo8   888   888 888oooooo8   888    888 888ooooooo  888   888   888 888     888   88888o      88888o
888           888 888  888          888                888 888   888   888 888       88o    o888 88o    o888
  88oooo888     888      88oooo888 o888o       88oooooo88 o888o o888o o888o  88ooo888  88ooo88     88ooo88


─────────────────────────────────────────────────────────────────────────────────────────────────────────────

Posts

(Anti-)Anti-Rootkit Techniques - Part I: UnKovering mapped rootkits Mar 23, 2024 - 14 min read
Keylogging in the Windows kernel with undocumented data structures Feb 25, 2024 - 7 min read
.NET Assembly Obfuscation for Memory Scanner Evasion Oct, 2023 - External Link. Blogpost on my employer's blog - 9 min read
Abusing the GPU for Malware with OpenCL Mar 18, 2023 - 12 min read
Windows Access Tokens: Getting SYSTEM and demystifying Potato Exploits Nov 25, 2022 - 7 min read
Avoiding direct syscall instructions by using trampolines Aug 30, 2022 - 6 min read
Getting started with the Sliver C2 Framework Aug 29, 2022 - 7 min read

Talks

Intro to Syscalls for Windows Malware @ Prelude Discord Apr 12, 2023 - 60 minutes

Projects

Banshee Windows x64 Kernel Rootkit