Architectural Limits of Kernel-Level EDR

Notes From Building One

When I began building a kernel-level EDR, I assumed visibility was the hard part and privilege was the solution. Running in ring 0 should mean total awareness. What I learned instead is this: Kernel privilege gives you authority — not observability. The limitations are architectural, not technical skill issues. Below are …

How To Part 1: Find DllBase Address from PEB in x64 Assembly

“Understanding how shellcode actually resolves API addresses — not just calling functions blindly.” When I started exploring shellcode and reverse engineering, I kept running into examples that used Windows APIs without explaining how those functions were actually found or called in shellcode. I wanted to go deeper — to really understand how to write a …