About

Security researcher focused on Windows Internals, Malware Development, and the low-level mechanics that make modern defenses tick. This blog is a notebook: things I've worked through, details I want to be able to reference later, and write-ups that might save someone else a few hours.

Topics lean toward user-mode exploitation primitives, loader mechanics, syscall abuse, and the telemetry that defenders use to catch it all. Occasionally: kernel.

Nothing here is novel research — it's synthesis, implementation notes, and explanations of techniques that already exist in papers and public tooling. I find writing things out forces precision that reading alone doesn't.

Find me on GitHub or reach out via email.