Security engineer by day. Windows kernel tinkerer at most other hours.

The day job involves the expected: threat research, detection engineering, the occasional deep-dive into something with a CVE pending. I keep the employer off personal platforms.

I ended up in security through game hacking — not because games were the goal, but because anticheat software turned out to be some of the most interesting kernel-mode code I’d found to argue with. BattlEye in particular. When you spend enough time trying to understand why something catches you, you learn how to build it.

The stuff I tend to spend time on: Windows kernel infrastructure, hypervisors, driver analysis, injection and hooking primitives, detection mechanisms. Projects come and go — I’ve got the attention span of someone who finds every rabbit hole interesting, which means half-finished tooling and a lot of working knowledge. The things worth writing about end up here.

Areas

Windows kernel internals — Intel VT-x, EPT, Hyper-V internals — driver reverse engineering — EDR and anticheat mechanisms — malware development and analysis — process injection and evasion — detection engineering — CVE research

Contact

  • Email: [TODO: add email]
  • Keys: [TODO: add PGP key URL]
  • GitHub: [TODO: add github.com/username]

The name? DKOM — Direct Kernel Object Manipulation. Using the kernel’s own data structures to make things invisible to the kernel. It seemed like an appropriate theme for a blog about making things the kernel sees, and things it doesn’t.