0xNullVector/README.md
██████╗  ██████╗  ██████╗ ████████╗██╗  ██╗ █████╗  ██████╗██╗  ██╗███████╗██████╗
██╔══██╗██╔═══██╗██╔═══██╗╚══██╔══╝██║  ██║██╔══██╗██╔════╝██║ ██╔╝██╔════╝██╔══██╗
██████╔╝██║   ██║██║   ██║   ██║   ███████║███████║██║     █████╔╝ █████╗  ██████╔╝
██╔══██╗██║   ██║██║   ██║   ██║   ██╔══██║██╔══██║██║     ██╔═██╗ ██╔══╝  ██╔══██╗
██║  ██║╚██████╔╝╚██████╔╝   ██║   ██║  ██║██║  ██║╚██████╗██║  ██╗███████╗██║  ██║
╚═╝  ╚═╝ ╚═════╝  ╚═════╝    ╚═╝   ╚═╝  ╚═╝╚═╝  ╚═╝ ╚═════╝╚═╝  ╚═╝╚══════╝╚═╝  ╚═╝

// low-level offense. kernel land. competitive hacking.


whoami

$ cat /etc/passwd | grep rootkitdev
rootkitdev:x:0:0:Security Researcher:/root:/bin/zsh

$ id
uid=0(root) gid=0(root) groups=0(root),1337(elite)

Low-level security researcher operating primarily in kernel space. I write rootkits, develop exploits, reverse engineer malware, and break things for sport on weekends via CTF competitions. My work sits at the intersection of systems programming and offensive security — from ring-0 implants to userland exploitation chains.

Not affiliated with any threat actor. All research is conducted in isolated lab environments.


ls -la ~/research

Kernel & Rootkit Development

  • LKM Rootkits — Linux Kernel Module–based persistence, process hiding, file cloaking, syscall hooking via ftrace / direct DKOM
  • DKOM Manipulation — Direct Kernel Object Manipulation for hiding processes from ps, top, /proc
  • Syscall Hooking — sys_call_table patching, kprobes, ftrace-based inline hooks
  • eBPF Offensive Use — Weaponising eBPF for stealthy keylogging, network sniffing, and evasion
  • Bootkit Research — UEFI-level persistence, EFI runtime service hooks

Exploit Development

  • Linux ELF Exploitation — Stack/heap overflow, ROP chains, FSOP, off-by-one, format string
  • Windows Kernel Exploits — IOCTL abuse, pool corruption, token privilege escalation
  • Browser Exploitation — JIT spraying, type confusion, sandbox escape primitives
  • Bypassing Mitigations — KASLR/ASLR/PIE bypass, SMEP/SMAP/NX evasion, CFG/CET bypass
  • CVE Research — Vulnerability discovery via fuzzing and manual source/binary auditing

Malware & Implants

  • C2 Implants — Custom beacons with encrypted comms, jitter, and malleable profiles
  • Persistence Mechanisms — Scheduled tasks, COM hijacking, registry, WMI subscriptions, bootloaders
  • AV/EDR Evasion — Syscall unhooking, PPID spoofing, process injection (APC, hollowing, stomping)
  • Anti-Analysis — Anti-debug, anti-VM, timing attacks, obfuscation pipelines

cat ~/ctf/stats.json

{
  "active_since": "20XX",
  "events_competed": "100+",
  "favourite_categories": [
    "pwn",
    "rev",
    "kernel",
    "misc (the giga-brain ones)"
  ],
  "preferred_platforms": ["CTFtime", "HackTheBox", "pwn.college"],
  "write_ups_published": true
}

lsmod | grep skills

| Domain | Tools / Techniques |
|---|---|
| Languages | C · C++ · x86/x64 ASM · Python · Rust |
| Reversing | IDA Pro · Ghidra · Binary Ninja · x64dbg · Radare2 |
| Exploitation | pwntools · GDB + pwndbg/peda · ROPgadget · ropper |
| Kernel | Linux KMD · WinDbg · KGDB · volatility3 |
| Fuzzing | AFL++ · libFuzzer · Syzkaller · Jackalope |
| Networking | Wireshark · Scapy · Zeek · custom C2 stacks |
| Virtualisation | QEMU/KVM · VMware · Hyper-V · KASAN lab setups |

git log --oneline ~/projects

a1f3c9e  [rootkit] eBPF-based process hider with ring-0 comms channel
8b2d441  [exploit] CVE-XXXX-XXXXX — Linux kernel heap UAF → LPE
3e9fa20  [ctf] write-up: kernel heap exploit, corCTF 2024
d47c102  [implant] custom C2 with encrypted DNS-over-HTTPS exfil
f19a831  [research] DKOM walk — hiding from eBPF-based EDRs
0cc7741  [tool] syscall-unhook — restore NTDLL hooks via fresh mapping
9a3e558  [ctf] write-up: browser pwn via JIT type confusion

Note: Offensive tools are kept private or are published responsibly after coordinated disclosure. Public repos contain sanitised PoCs, research notes, and CTF solutions only.


cat ~/philosophy.txt

> Understand the system before you break it.
> Break it before someone else does.
> Document everything. Leave the scene better than you found it.
> The kernel has no secrets — only patience requirements.

netstat -an | grep contact

CTFtime HackTheBox


dmesg | tail

[ 0.000000] GitHub stats kernel initialising...
[ 0.001337] Counting commits... done.
[ 0.002600] Enumerating languages... C, ASM, Python, Rust
[ 0.003999] Mounting /proc/contributions


All research and tooling on this profile is intended for educational purposes, authorised testing, and responsible disclosure only. Use of any published code against systems you do not own or have explicit written permission to test is illegal.

[ kernel panic — not syncing: you've reached the end of the README ]

Pinned repositories

  1. Methodology (Public): My Pentesting Methodology
  2. ghostwire (Public): an educational LKM rootkit PoC (C)
  3. crt.sh-enum (Public): subdomain enumeration by querying crt.sh (Python)
  4. NetSentinel (Public): A PoC Passive Network Threat Intelligence Engine written in python (Python)