Blog

Research notes, technical deep-dives, and thoughts on kernel security.

Reversing a Driver: Uncovering NtDeviceIoControlFile
9 min read
Step-by-step deobfuscation of a kernel driver's obfuscated ntdll export using an index-based Caesar shift, with a minimal Python reproduction....
reverse-engineeringkerneldriverwindowsobfuscation
2025-08-23