Windows reversing & capability development
We reverse engineer Windows internals, build novel offensive tooling, and translate those findings into new detection and methodology ideas—blurring the line between craft development and defender tooling.
Dynamic direct-syscall framework for Windows, built as a modern SysWhispers/Hell's Gate successor for AV/EDR research and hooking-aware execution.
Kernel driver plus user-mode tooling that captures high-signal injection and post-exploitation events with per-client IOCTL queues and a Stinger ETW provider for scalable correlation.
Rust control-flow hardening and obfuscation: proc-macro transforms functions into dispatcher-style execution with randomized noise to raise the cost of static analysis and reversing.
Post-build string protection for Windows; encrypts eligible literals, stores metadata in a PE section, and decrypts on-demand at runtime to reduce static string exposure.
Compile-time string encryption for Rust via proc macros with multiple engines, generating encrypted blobs at build time and compact runtime decrypt shims.
Lightweight Windows ETW telemetry for detecting untrusted processes accessing protected filesystem resources.
We invent detection methodology, stress-test it with real sensor data, and bake the learnings into automation so blue teams get precise, actionable signals rather than consultancy artifacts.
We capture kernel/user boundary signals, enrich priv-esc telemetry, and fortify instrumentation so peripheral controls can surface novel adversary techniques without degrading performance.