Blog

Research notes, technical deep-dives, and thoughts on kernel security.

Engineering Control-Flow Flattening: Harden, Reverse, Patch

12 min read

Hardening a baseline CFF transform, then reversing the flattened binary produced by this project....

reverse-engineeringobfuscationdeobfuscationnativeC

2026-06-08

Engineering Control-Flow Flattening: Build, Reverse, Patch

6 min read

Obfuscating and Deobfuscating Basic CFF...

reverse-engineeringobfuscationdeobfuscationnativeC

2026-04-11

Stochastic Eigenvalue Decomposition of Cystic Fibrosis Transmembrane Conductance Regulator Ion Channel Gating

15 min read

Reverse Engineering CFTR as a Hidden State Machine...

reverse-engineeringoff-topicscience

2026-04-10

ErebusVM: .NET Virtualization Based Obfuscation

nil min read

Building a first iteration of a .NET virtualization based obfuscator...

reverse-engineeringobfuscationdotnetil

2026-04-04

Engineering a Layered MBA Obfuscator in .NET IL - Part 2

8 min read

Breaking down the paired .NET IL deobfuscator, rewrite pipeline, residual analysis, and what actually survives automated simplification....

reverse-engineeringobfuscationdotnetildeobfuscation

2026-04-03

Engineering a Layered MBA Obfuscator in .NET IL - Part 1

10 min read

Building a layered .NET IL MBA obfuscator with safe rewrite rules, deterministic template selection, growth budgets, and telemetry-backed evaluation....

reverse-engineeringobfuscationdotnetilmba

2026-04-03

Reversing a Driver: Uncovering NtDeviceIoControlFile

9 min read

Step-by-step deobfuscation of a kernel driver's obfuscated ntdll export using an index-based Caesar shift, with a minimal Python reproduction....

reverse-engineeringkerneldriverwindowsobfuscation

2025-08-23

reverse-engineering-chches-a-chinese-state-linked-espionage-malware

> Note: this write-up stays disciplined about what is directly supported by the recovered loader, unpacked payload, helper scripts, and HLIL. Where the sample clearly supports a behaviour, I say so. ...