Driven and innovative, I have honed my skills in Python and problem-solving, with a strong passion for cybersecurity and network analysis. My ability to quickly learn and adapt to new technologies, combined with a collaborative mindset, has allowed me to contribute effectively to team efforts and achieve impactful outcomes. I am eager to tackle challenging security problems, develop creative solutions, and continue growing in the ever-evolving field of cybersecurity.
Windows OS internals
Explored
• Researched Windows kernel/syscall architecture (Windows 11 24H2 — ~980 syscalls; Windows 10 22H2 — ~966 syscalls) and documented syscall differences across versions.
• Studied syscall semantics and lifecycle — how user-mode requests transition to kernel-mode and why syscalls are fundamental for process/kernel trust boundaries.
• Analyzed how malware leverages syscalls for stealthy operations (process/file/memory manipulation) and catalogued common syscall-based techniques used in real-world samples.
• Implemented direct syscall proof-of-concepts for core file operations: open, close, delete, read, write, create — including memory allocation and permission/modification flows.
• Built and tested syscall-based file I/O and memory primitives across x64 Windows environments to verify behavior and edge cases.
• Researched EDR/monitoring vendor approaches to syscall monitoring and detection signals (hooking, user-kernel transition anomalies, syscall argument inspection).
• Used and extended tooling during research: SysWhispers I/II/III, x64dbg, Procmon, Process Hacker — for instrumentation, reverse engineering, and runtime validation.
• Demonstrated defensive use-cases of syscall knowledge — developed syscall-driven scanners to detect hidden/obfuscated files and artifacts that evade higher-level APIs.
• Produced technical notes and reproducible examples showing syscall usage patterns and recommended telemetry points for defenders.
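Added example (not the author's code and not SysWhispers output): the two checks that the direct-syscall and hook-detection work above both rest on, written against the public x64 ntdll stub layout (mov r10, rcx / mov eax, SSN / ... / syscall). inspect_stub() reads the SSN out of a clean stub and flags the common inline-hook prologues an EDR leaves behind; recover_ssn() goes one step beyond the list, recovering the SSN of a hooked stub from its unhooked neighbours, which works because ntdll lays the Nt stubs out 32 bytes apart in SSN order. The stub table, SSN values and hook bytes are constructed in memory so the code runs on any platform; a real scanner would read the stubs from ntdll's export directory instead.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STUB_SIZE 32  /* x64 ntdll lays its Nt and Zw stubs out 32 bytes apart */

typedef enum { STUB_CLEAN = 0, STUB_HOOKED = 1, STUB_UNKNOWN = 2 } stub_state;

/* Classify one stub. A clean Windows x64 stub starts with
 *   4C 8B D1        mov r10, rcx
 *   B8 xx xx xx xx  mov eax, <SSN>
 * so the SSN is the little-endian dword at offset 4. A stub that instead begins
 * with a jump (the shape of a user-mode inline hook) is reported as hooked. */
stub_state inspect_stub(const uint8_t *stub, uint32_t *ssn) {
    if (stub[0] == 0x4C && stub[1] == 0x8B && stub[2] == 0xD1 && stub[3] == 0xB8) {
        *ssn = (uint32_t)stub[4] | ((uint32_t)stub[5] << 8) |
               ((uint32_t)stub[6] << 16) | ((uint32_t)stub[7] << 24);
        return STUB_CLEAN;
    }
    if (stub[0] == 0xE9)                                   /* jmp rel32               */
        return STUB_HOOKED;
    if (stub[0] == 0xFF && stub[1] == 0x25)                /* jmp qword ptr [rip+disp] */
        return STUB_HOOKED;
    if (stub[0] == 0x48 && stub[1] == 0xB8 &&
        stub[10] == 0xFF && stub[11] == 0xE0)              /* mov rax, imm64; jmp rax */
        return STUB_HOOKED;
    return STUB_UNKNOWN;
}

/* Recover the SSN of stub i even when its own prologue has been overwritten:
 * walk outward to the nearest clean neighbour and offset its SSN by the distance.
 * Returns -1 if no clean neighbour exists in the table. */
int recover_ssn(const uint8_t *table, size_t nstubs, size_t i) {
    uint32_t ssn;
    if (inspect_stub(table + i * STUB_SIZE, &ssn) == STUB_CLEAN)
        return (int)ssn;
    for (size_t k = 1; k < nstubs; k++) {
        if (i + k < nstubs && inspect_stub(table + (i + k) * STUB_SIZE, &ssn) == STUB_CLEAN)
            return (int)ssn - (int)k;   /* neighbour above us has a higher SSN */
        if (k <= i && inspect_stub(table + (i - k) * STUB_SIZE, &ssn) == STUB_CLEAN)
            return (int)ssn + (int)k;   /* neighbour below us has a lower SSN */
    }
    return -1;
}

/* Constructed test data: a clean 32-byte stub for the given SSN, mirroring the
 * ntdll layout (mov r10,rcx / mov eax,ssn / test byte ptr [7FFE0308h],1 / jne +3 /
 * syscall / ret / int 2Eh / ret / nop padding). */
void make_clean_stub(uint8_t *out, uint32_t ssn) {
    static const uint8_t tmpl[STUB_SIZE] = {
        0x4C, 0x8B, 0xD1, 0xB8, 0x00, 0x00, 0x00, 0x00,
        0xF6, 0x04, 0x25, 0x08, 0x03, 0xFE, 0x7F, 0x01,
        0x75, 0x03, 0x0F, 0x05, 0xC3, 0xCD, 0x2E, 0xC3,
        0x0F, 0x1F, 0x84, 0x00, 0x00, 0x00, 0x00, 0x00 };
    memcpy(out, tmpl, STUB_SIZE);
    out[4] = (uint8_t)(ssn & 0xFF);
    out[5] = (uint8_t)((ssn >> 8) & 0xFF);
    out[6] = (uint8_t)((ssn >> 16) & 0xFF);
    out[7] = (uint8_t)((ssn >> 24) & 0xFF);
}

/* Constructed scenario: a clean stub carrying SSN 0x55 is read back. */
int demo_clean_ssn(void) {
    uint8_t stub[STUB_SIZE];
    uint32_t ssn = 0;
    make_clean_stub(stub, 0x55);
    return inspect_stub(stub, &ssn) == STUB_CLEAN ? (int)ssn : -1;
}

/* Constructed scenario: the first five bytes replaced by a jmp rel32 trampoline
 * (hook target is arbitrary) must be classified as STUB_HOOKED. */
int demo_hook_detected(void) {
    uint8_t stub[STUB_SIZE];
    uint32_t ssn = 0;
    static const uint8_t jmp_hook[5] = { 0xE9, 0x10, 0x20, 0x30, 0x40 };
    make_clean_stub(stub, 0x55);
    memcpy(stub, jmp_hook, sizeof jmp_hook);
    return (int)inspect_stub(stub, &ssn);
}

/* Constructed scenario: four consecutive stubs with SSNs 0x33..0x36 (arbitrary
 * values, not claimed to match any real function), stub 1 hooked. Expected
 * recovery for stub 1 is 0x34 from its clean neighbour at index 2. */
int demo_recover_hooked(void) {
    uint8_t table[4 * STUB_SIZE];
    static const uint8_t jmp_hook[5] = { 0xE9, 0x10, 0x20, 0x30, 0x40 };
    for (size_t i = 0; i < 4; i++)
        make_clean_stub(table + i * STUB_SIZE, 0x33 + (uint32_t)i);
    memcpy(table + 1 * STUB_SIZE, jmp_hook, sizeof jmp_hook);
    return recover_ssn(table, 4, 1);
}

int main(void) {
    printf("clean stub SSN      : 0x%x\n", demo_clean_ssn());
    printf("jmp-hooked stub     : state %d (1 = hooked)\n", demo_hook_detected());
    printf("recovered hooked SSN: 0x%x\n", demo_recover_hooked());
    return 0;
}
```

Two caveats a practitioner should keep in mind: the prologue match is a heuristic, so a stub that fails it should be reported as unknown rather than assumed safe, and a clean ntdll stub only says that no user-mode inline hook is present; kernel-side telemetry (callbacks, ETW) is untouched by this check, which is why the telemetry points listed above matter on the defensive side.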
Next-step areas
• Deep-dive mapping of all version-delta syscalls and undocumented syscall behaviors across insider/beta builds.
• Full emulation of syscall dispatcher internals to simulate evasion/detection at scale.
• End-to-end exercises integrating direct-syscall bypass techniques with modern EDRs to evaluate real-world impact and mitigations.
Key achievements / impact
• Implemented direct-syscall file and memory primitives (proof-of-concept) to validate theoretical bypass techniques against syscall-based EDR detection.
• Identified detection telemetry gaps and proposed syscall-level instrumentation points to improve EDR coverage for hidden-file and memory-manipulation detection.
• Applied toolchain (SysWhispers I–III, x64dbg, Procmon, Process Hacker) to validate syscall implementations and produce reproducible technical artifacts.