About Me

My name is Ido Veltzman. I am an experienced security researcher who has worked in various cyber-security roles for close to six years. My main areas of expertise are:
  • Reverse Engineering
  • OS Internals
  • Kernel Development
  • Malware Development
  • Exploit Development
  • Security Research

In my free time, I work on projects in the areas of evasion, persistence and injection methods for both kernel mode and user mode, and release them under my GitHub account.

Notable Projects & Publications

Projects


  • Nidhogg: Nidhogg is a multi-functional rootkit to showcase the variety of operations that can be done from kernel space.
  • Jormungandr: Jormungandr is a kernel implementation of a COFF loader, allowing kernel developers to load and execute their COFFs in the kernel.
  • Cronos: Cronos is a PoC for a sleep obfuscation technique leveraging waitable timers to evade memory scanners (PE-Sieve, Moneta, etc.)
  • Venom: Venom is a library that performs evasive communication using a stolen browser socket.
  • Sandman: Sandman is an NTP-based backdoor for operations in hardened networks.

Notable Publications


  • Lord Of The Ring0 Series: Lord Of The Ring0 is an introductory series to Windows kernel development that covers the basics of Windows kernel development in a security-oriented manner, including but not limited to callbacks, IRP hooks, communication with user mode from kernel mode and more.
  • (Lady|)Lord Of The Ring [2023]: A talk at the largest public security conference in Israel, BSidesTLV, that covers some of the functionality that Nidhogg has to offer alongside an explanation of the Windows kernel world.
  • DigitalWhisper Publications: DigitalWhisper is one of the oldest active security zines in Israel and contains various articles about security, software development and more. I have published several articles in the zine about my own persistence method, injection method and communication in an evasive way.

Feel free to contact me via X (Twitter), Telegram or mail regarding any of my projects or publications. Enjoy reading the blog and have fun!

© 2024 Ido Veltzman - All Rights Reserved