About Me

I am an experienced security researcher who has worked in various cybersecurity roles. My main areas of expertise are:
  • Reverse Engineering
  • OS Internals
  • Security Research
  • Vulnerability Research
  • Malware Development
  • Exploit Development
  • Kernel Development

In my free time, I am working on projects in the areas of evasion, persistence and injection methods for UEFI, kernel, and user mode. Based on these, I publish educational papers and present talks to give back to the cybersecurity community.

You can view my public work under my GitHub account.

Notable Projects & Publications

Projects


  • Nidhogg: Nidhogg is a multi-functional rootkit to showcase the variety of operations that can be done from kernel space.
  • Jormungandr: Jormungandr is a kernel implementation of a COFF loader, allowing kernel developers to load and execute their COFFs in the kernel.
  • Cronos: Cronos is a PoC for a sleep obfuscation technique leveraging waitable timers to evade memory scanners (PE-Sieve, Moneta, etc.).
  • NovaHypervisor: NovaHypervisor is a defensive x64 Intel host-based hypervisor. The goal of this project is to protect against kernel-based attacks.
  • Venom: Venom is a library that performs evasive communication using a stolen browser socket.
  • Sandman: Sandman is an NTP-based backdoor for operations in hardened networks.

Notable Publications


  • Lord Of The Ring0 Series: Lord Of The Ring0 is an introductory series to Windows kernel development that covers the basics of Windows kernel development in a security-oriented manner, including but not limited to callbacks, IRP hooks, communication with user mode from kernel mode, and more.
  • Ido Veltzman: Kernel Games: The Ballad of Offense & Defense [2024]: A talk at X33fCon in Poland about creating stealthy rootkits to help red teams remain persistent, evade EDRs, and connect them to your existing C2 environment. Additionally, this will help elevate blue teams to detect the complex threat mentioned above.
  • (Lady|)Lord Of The Ring [2023]: A talk at the largest public security conference in Israel, BSidesTLV, that covers some of the functionality that Nidhogg has to offer alongside an explanation of the Windows kernel world.
  • DigitalWhisper Publications: DigitalWhisper is one of the oldest active security zines in Israel and contains various articles about security, software development and more. I have published several articles in the zine about my own persistence method, injection method and evasive communication.

Feel free to contact me via X (Twitter), Telegram or mail regarding any of my projects or publications. Enjoy reading the blog and have fun!


© 2025 Ido Veltzman - All Rights Reserved
