Ido Veltzman
Ido Veltzman is a senior security researcher specialising in reverse engineering, operating system internals, vulnerability research, and exploit development. His work spans UEFI, hypervisors, kernel, and user mode, where he has developed advanced evasion, persistence, and injection techniques. Ido is known for translating deep technical research into practical offensive tradecraft, and regularly publishes papers and presents to the global cybersecurity community.
You can view my public work under my GitHub account.
Expertise
Notable Projects
- ▸Nidhogg
A multi-functional rootkit to showcase the variety of operations that can be done from kernel space.
- ▸NovaHypervisor
A defensive x64 Intel host-based hypervisor to protect against kernel-based attacks.
- ▸Jormungandr
A kernel implementation of a COFF loader, allowing kernel developers to load and execute their COFFs in the kernel.
- ▸Cronos
A PoC for a sleep obfuscation technique leveraging waitable timers to evade memory scanners (PE-Sieve, Moneta, etc.)
- ▸Venom
A library performing evasive communication using a stolen browser socket.
- ▸Sandman
An NTP-based backdoor for operations in hardened networks.
Notable Publications
- ▸Lord Of The Ring0 Series
An introductory series to Windows kernel development covering callbacks, IRP hooks, kernel-to-user communication, and more.
- ▸Kernel Games: The Ballad of Offense & Defense [X33fCon 2024]
A talk in Poland about creating stealthy rootkits to help red teams remain persistent, evade EDRs, and integrate with existing C2 environments.
- ▸(Lady|)Lord Of The Ring [BSidesTLV 2023]
A talk at BSidesTLV covering the functionality of Nidhogg alongside an explanation of the Windows kernel world.
- ▸DigitalWhisper Publications
Articles in one of Israel's oldest active security zines, covering a persistence method, an injection method, and evasive communication.
Get In Touch
Feel free to reach out via X (Twitter), Telegram, or email regarding any of my projects or publications. Enjoy the blog!