Ido Veltzman
Ido Veltzman is a senior security researcher specialising in reverse engineering, operating system internals, vulnerability research, and exploit development. His work spans UEFI, hypervisors, kernel, and user mode, where he has developed advanced evasion, persistence, and injection techniques. Ido is known for translating deep technical research into practical offensive tradecraft, and regularly publishes papers and presents to the global cybersecurity community.
You can view my public work under my GitHub account.
Expertise
Notable Projects
- ▸Nidhogg
Windows rootkit for Intel x64 with 25+ features, demonstrating rootkit techniques compatible with all Windows 10 and Windows 11 versions.
- ▸NovaHypervisor
Windows hypervisor for Intel x64: defensive host hypervisor for Windows designed to mitigate kernel-level attacks including BYOVD, compatible with VMware and Hyper-V.
- ▸Jormungandr
A kernel implementation of a COFF loader, allowing kernel developers to load and execute their COFFs in the kernel.
- ▸Cronos
A PoC for a sleep obfuscation technique leveraging waitable timers to evade memory scanners (PE-Sieve, Moneta, etc.)
- ▸Venom
A library performing evasive communication using a stolen browser socket.
- ▸Sandman
An NTP-based backdoor for operations in hardened networks.
Notable Publications
- ▸Lord Of The Ring0 Series
An introductory series to Windows kernel development covering callbacks, IRP hooks, kernel-to-user communication, and more.
- ▸Kernel Games: The Ballad of Offense & Defense [X33fCon 2024]
A talk in Poland about creating stealthy rootkits to help red teams remain persistent, evade EDRs, and integrate with existing C2 environments.
- ▸(Lady|)Lord Of The Ring [BSidesTLV 2023]
A talk at BSidesTLV covering the functionality of Nidhogg alongside an explanation of the Windows kernel world.
- ▸DigitalWhisper Publications
Articles in one of Israel's oldest active security zines, covering a persistence method, an injection method, and evasive communication.
Get In Touch
Feel free to reach out via X (Twitter), Telegram, or email regarding any of my projects or publications. Enjoy the blog!