about
who i am
Red team operator and offensive security researcher with a deep obsession for low-level Windows internals. I spend most of my time at the intersection of kernel exploitation, hypervisor research, and reverse engineering tearing apart security mechanisms to understand how they work and where they fail.
My current focus is Windows kernel and hypervisor
security: VBS/Hyper-V architecture, VTL isolation
boundaries, and the internals of
securekernel.exe. When I'm not staring at
IDA or WinDbg, I'm probably writing about what I found.
areas of interest
- Windows Kernel Exploitation
- Hypervisor Internals (VBS, Hyper-V, WHP API)
- Secure Kernel & VTL 0 → 1 Boundaries
- Driver Development & Analysis
- Reverse Engineering (IDA Pro, WinDbg)
- EDR Evasion & Bypass Research
projects
- VulnDriver - Vulnerable kernel driver demonstrating UAF via non-atomic reference counting, race condition exploitation, and LPE to SYSTEM.
- Mirage-RS - Rust reimplementation of Akamai's Mirage technique for VBS enclave payload staging across VTL boundaries.
- VFCoop - IDAPython vfGadget enumerator for COOP (Counterfeit Object-Oriented Programming) gadget discovery.
- Volstgalph - x86-64 4-level paging simulator for studying virtual address translation mechanics.
- Solemn - HVCI driver blocklist automation tooling.
- Misery - EDR bypass loader.
"Consider your origin; you were not born to live like brutes, but to follow virtue and knowledge."
Inferno, Canto XXVIcontact
- github: @unkvolism
- email: sorahed@proton.me
- twitter: @ExallocatePool2