Research
This page contains links to my research published on various blogs, including my own.
2024
Kyivstar cyberattack - under the hood of the malicious scripts
2023
Guntior - the story of an advanced bootkit that doesn't rely on Windows disk drivers
Unboxing ProjectSauron's arsenal - inside Remsec rootkit drivers
A review of the latest Win11 IP kernel changes
2022
Dissecting Windows Section Objects
Inside the Windows Cache Manager
2018
Windows 10 RS5 introduces a new Software PTE type
What is a Proto-PTE and how Windows VMM works with it
Why Google Chrome runs so many processes
2017
Windows exploitation in 2016
Finfisher rootkit analysis
Wingbird rootkit analysis
EquationDrug rootkit analysis (mstcp32.sys)
Stuxnet drivers: detailed analysis
GrayFish rootkit analysis
2016
Windows exploitation in 2015
Remsec driver analysis, Part 2, Part 3, Part 4
A note about Sednit rootkit
2015
2014
2013
2012
Necurs rootkit under the microscope
Zegost - analysis of the Chinese backdoor
Analysis of VirTool:WinNT/Exforel.A rootkit
TDI - a new element in the old TDSS story
OnlineGameHack analysis
Investigation of an industrial rootkit incident
Guntior bootkit analysis
ZeroAccess - new steps in evolution
Flame case
2011
Windows NT development story (RU)
2009
TDL3 analysis (with Dr.Web team) (RU)
Notes of the NTFS researcher (RU)
Attacking the Windows cache (RU)
2008
Invisible LKM attacks on Windows XP (RU)
Windows XP VMM research papers (RU)
Includes in-depth research on VMM internals:
- Cache
- Hyperspace
- PFN database
- Sections
- VAD
- WSL
- VA translation
- stack