Research
Technical writeups, reverse engineering notes, and vulnerability research. Each article documents a self-contained investigation — sources, methodology, findings, and reproducible artifacts.
Articles
- Analyze Defender — Reverse Engineering the Windows Defender TP/RTP State Mechanism
- ForceIO — Reverse Engineering IObitUnlocker.sys for Minifilter-Bypass File Operations
- Static analysis of skci.dll — the Secure Kernel Code Integrity module
- EfiTool — UEFI Bootkit Achieving NT AUTHORITY\SYSTEM via In-RAM Registry Patching