technical writing
Deep-dives on closed-source work. How things were designed, what I learned, and what I'd do differently. No sensitive code — just the thinking behind it.
The VMXON and VMLAUNCH sequence is deceptively simple on paper but requires precise setup of the VMCS. The most critical fields are HOST_CR3 and GUEST_CR3: getting these wrong causes immediate triple faults, because HOST_CR3 is loaded on every VM exit and a bad value takes down the exit handler before it can run. EPT violations were the hardest to debug: an errant TLB flush caused my monitored pages to return stale physical addresses.
The database choice was the first major decision. I needed ACID guarantees for message persistence but didn't want to fight an ORM. SQLx gives compile-time checked queries without the abstraction overhead. The WebSocket layer uses a DashMap of connection states with per-user broadcast channels.
The driver needed to map shared pages into both kernel and user address spaces. I used MmAllocateMdlForIoSpace with MDL_MAPPING_SYSTEM_VA, but the real complexity was lifetime management. The driver maintains a list of active MDLs with a sequence number protocol to detect stale mappings after process restart.
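The sequence-number check described above, sketched as an added example in user-mode C. This is not WdFilterDrv code: the registry layout, the names (registry_map, registry_validate, demo_restart), the fixed-size table and the shared-page header are all assumptions, and the driver's real MDL list, locking and page format are not on this page. The example models the one property that matters for stale mappings: a sequence number is stamped into the page at map time, is never reused, and every later request has to present the number that belongs to a currently live mapping.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical simulation of a sequence-number protocol for shared-page
 * mappings. Everything here runs in user mode as a model of what the
 * driver would track alongside each MDL. */

#define MAX_MAPPINGS 8

/* One active mapping, as the driver would track it next to its MDL. */
typedef struct {
    bool     active;
    uint32_t owner_pid;   /* process the pages were mapped into */
    uint64_t sequence;    /* stamped into the shared page at map time */
} mapping_entry_t;

/* Header the driver writes into the shared page; the client reads it back
 * and echoes the sequence in every request. */
typedef struct {
    uint64_t sequence;
    uint32_t pid;
} shared_page_header_t;

typedef struct {
    mapping_entry_t table[MAX_MAPPINGS];
    uint64_t        next_sequence;  /* monotonic, never reused or reset */
} mapping_registry_t;

void registry_init(mapping_registry_t *r)
{
    memset(r, 0, sizeof *r);
    r->next_sequence = 1;   /* 0 is reserved to mean "no mapping" */
}

/* Driver side: hand a mapping to pid and stamp the header with a fresh
 * sequence number. Returns the sequence, or 0 if the table is full. */
uint64_t registry_map(mapping_registry_t *r, uint32_t pid,
                      shared_page_header_t *hdr)
{
    for (int i = 0; i < MAX_MAPPINGS; i++) {
        if (r->table[i].active)
            continue;
        r->table[i].active    = true;
        r->table[i].owner_pid = pid;
        r->table[i].sequence  = r->next_sequence++;
        hdr->sequence = r->table[i].sequence;
        hdr->pid      = pid;
        return hdr->sequence;
    }
    return 0;
}

/* Process teardown (what a process-notify callback would trigger): retire
 * every mapping owned by pid. Returns how many were retired. Their
 * sequence numbers are never handed out again. */
int registry_retire_process(mapping_registry_t *r, uint32_t pid)
{
    int retired = 0;
    for (int i = 0; i < MAX_MAPPINGS; i++) {
        if (r->table[i].active && r->table[i].owner_pid == pid) {
            r->table[i].active = false;   /* MDL would be unmapped and freed here */
            retired++;
        }
    }
    return retired;
}

/* Request validation: honour a request only if (pid, seq) matches a live
 * mapping. A restarted process that reuses the pid but presents the old
 * sequence is rejected, so the driver never touches pages that were
 * released when the previous instance died. */
bool registry_validate(const mapping_registry_t *r, uint32_t pid, uint64_t seq)
{
    for (int i = 0; i < MAX_MAPPINGS; i++) {
        if (r->table[i].active && r->table[i].owner_pid == pid &&
            r->table[i].sequence == seq)
            return true;
    }
    return false;
}

/* Worked scenario: a client maps, exits, and a new process with the same
 * (constructed) pid maps again. Returns 0 when every step behaves. */
int demo_restart(void)
{
    mapping_registry_t reg;
    shared_page_header_t hdr;
    const uint32_t pid = 1234;   /* constructed pid, reused after restart */

    registry_init(&reg);
    uint64_t first = registry_map(&reg, pid, &hdr);      /* first instance */
    if (first == 0 || !registry_validate(&reg, pid, first)) return 1;

    registry_retire_process(&reg, pid);                  /* process exits */
    if (registry_validate(&reg, pid, first)) return 2;   /* stale must fail */

    uint64_t second = registry_map(&reg, pid, &hdr);     /* restarted instance */
    if (second == first) return 3;                        /* never reuse */
    if (registry_validate(&reg, pid, first)) return 4;   /* old seq still stale */
    if (!registry_validate(&reg, pid, second)) return 5;

    printf("first=%llu second=%llu: stale sequence rejected\n",
           (unsigned long long)first, (unsigned long long)second);
    return 0;
}
```

In a real driver the table would be the linked list the post mentions, guarded by a lock, and the pid would come from the request context (the calling process) rather than from a field the client can write; the sequence number then adds a cheap second check that survives pid reuse.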
Building an external cheat with kernel-to-usermode communication, DirectX overlay rendering, pattern scanning, and ESP/aimbot algorithms.
[hypervisor · vmx · ept] ArkVisor: Type-1 Hypervisor Implementation. How ArkVisor works: VMX entry and exit, EPT memory virtualization, hypercall dispatch, and driver-hypervisor integration.
[kernel driver · stealth · hid] WdFilterDrv: Stealth Kernel Driver Design. Designing shared-memory IPC across the kernel/user boundary, HID mouse injection, anti-detection techniques, and driver unlinking.
[kernel driver · shared memory] CS2ExternDrv: Minimal R/W Driver. A minimal kernel driver using shared memory only (no IOCTLs), designed for kdmapper loading with process whitelisting.
[driver mapper · exploitation] kdmapper: Vulnerable Driver Exploitation. How kdmapper works: exploiting iqvw64e.sys for kernel execution, manual PE mapping, and kernel-mode fingerprint clearing.
[dll injection · pe mapping] ManualMapDrv: Manual DLL Injection. Kernel-mode manual PE mapping without LoadLibrary, process whitelisting, and user-mode loader architecture.
[vulnerability scanning · ioc] BYOVD Scanner: Driver Vulnerability Detection. Static analysis for identifying drivers vulnerable to BYOVD attacks, IOC generation, and signature-based detection.
[memory tools · client-server] RnW-Drv: Memory Operations Framework. Three-tier architecture: kernel driver, C++ backend server, and Python GUI frontend for memory read/write operations.
[full stack · rust · websockets] Flux: High-Performance Messaging Platform. Architecture decisions behind a WebSocket server on Axum/Tokio, real-time state management, and a data model designed for scale.
[fbla · accessibility · offline-first] SpotLocal: FBLA Competition Project. Offline-first React app for local business discovery: zero-cost infrastructure, full accessibility compliance, privacy-centric design.
[cybersecurity · red team · python] Cybersecurity Research Framework. Educational APT simulation framework for security research and incident-response training: multi-channel C2 and evasion techniques.
[data analytics · snowflake · sql] Yelp Restaurant Analytics. Cloud data warehouse pipeline analyzing Yelp reviews: multi-phase SQL architecture, sentiment analysis, automated execution.
[binary analysis · pe · disassembly] Atlus: Binary Diff Engine Architecture. Four-level diffing (byte, section, function, and AOB pattern generation), Zydis integration, Ghidra decompiler support, and a Dear ImGui docking GUI.
[game modding · memory editing · react] Rune Editor: ELDEN RING Memory Tool. React frontend with a C++ backend for process memory access: Win32 API, pointer-chain resolution, HTTP server, and standalone packaging.
[game hacking · dll injection · rust] Helldivers 2: Cheat Framework. DLL injection framework with DirectX overlay, anti-cheat bypass, pattern scanning, and inter-process communication.
[desktop app · rust · win32 api] Gif-Engine: Multi-Process Animation Manager. Desktop GIF animation manager with per-pixel alpha transparency, multi-process isolation, and window anchoring ("pet mode").