Core Engineering	System Internals	Analysis & Debugging

POV: You acquired the spinlock at DISPATCH_LEVEL but touched paged memory...

A kernel-mode driver focused on reducing user-mode tampering against protected processes.

• Access Control: Uses ObRegisterCallbacks to filter/strip handle permissions.
• Hardening (WIP): Researching safe kernel telemetry + anti-tamper patterns (no “magic stealth claims”).
• Stack: C, WDK, Kernel synchronization, IRQL-aware code

A digital detox tool that interfaces with iOS devices over USB to enforce restriction profiles.

• Protocol work: Exploring iOS configuration / MDM-related workflows via libimobiledevice.
• Implementation: Desktop UX using ImGui, device control via USB stack.
• Stack: C++, Reverse engineering mindset, USB protocols

Enterprise-grade session replay & analytics platform with a real-time event pipeline.

• Pipeline: Ingest → process → store → replay user sessions.
• Stack: TypeScript, Next.js, PostgreSQL, WASM (encoding experiments)

I learn systems security by debugging real artifacts and writing tooling around them:

• Windows Internals: scheduler, EPROCESS/KTHREAD, handle tables, callbacks
• Kernel dev: WDK, IRQL rules, sync primitives, IOCTL design
• RE practice: static + dynamic analysis, patching, small PoCs
• Reading / notes: turning findings into writeups (planned: blog repo)

#include <ntddk.h>

NTSTATUS DriverEntry(_In_ PDRIVER_OBJECT DriverObject, _In_ PUNICODE_STRING RegistryPath) {
    UNREFERENCED_PARAMETER(RegistryPath);

    DriverObject->DriverUnload = NULL; // Set later in real projects
    DbgPrintEx(DPFLTR_IHVDRIVER_ID, DPFLTR_INFO_LEVEL, "Aegis: Driver loaded.\n");

    return STATUS_SUCCESS;
}