News
- 2026 Published the monograph Kernel Protection of Operating Systems Under Countermeasures.
- 2023 Presented ALPChecker: Detecting Spoofing and Blinding Attacks at HITBSecConf Phuket.
- 2022 Presented Blasting Event-Driven Cornucopia at Black Hat USA, LABScon, and Ekoparty.
- 2021 Presented Veni, No Vidi, No Vici: Attacks on ETW Blind EDR Sensors at Black Hat Europe.
- 2020 Presented Windows Kernel Hijacking is Not an Option: MemoryRanger Comes to the Rescue Again at HITB Lockdown 002.
- 2018 Presented Divide et Impera: MemoryRanger Runs Drivers in Isolated Kernel Spaces at Black Hat Europe.
Recent Talks
- ALPChecker: Detecting Spoofing and Blinding Attacks (HITBSecConf Phuket, 2023)
- Blasting Event-Driven Cornucopia: WMI-based User-Space Attacks Blind SIEMs and EDRs (Black Hat USA, 2022)
- Kernel Hijacking is Not an Option: MemoryRanger Comes to the Rescue Again (HITB Lockdown 002, 2020)
- Protected Process Light is not Protected: MemoryRanger Fills the Gap Again (IEEE S&P Workshops / Texas Cyber Summit, 2021)
Recorded Talks on YouTube
- Windows Built-in Sandbox Disables Microsoft Defender and other EDR/AV
- Blinding Endpoint Security Solutions: WMI attack vectors
- Blasting Event-Driven Cornucopia: WMI-based User-Space Attacks Blind SIEMs and EDRs
- Microsoft Defender Will Be Defended - MemoryRanger Prevents Blinding Windows AV
- Veni, No Vidi, No Vici: Attacks on ETW Blind EDR Sensors
- Protected Process Light Will Be Protected
- Your Linux Passwords Are in Danger: MimiDove Meets the Challenge
- Kernel Hijacking Is Not an Option
- Divide et Impera: MemoryRanger Runs Drivers in Isolated Kernel Spaces
International Project Collaboration
- 2016-2017 Satoshi Tanda, Japan / Canada: collaboration on Windows hypervisor research and PoC development.
  - REcon 2016: Monitoring & Controlling Kernel-Mode Events by HyperPlatform.
  - ADFSL 2017: Detect Kernel-Mode Rootkits via Real-Time Logging & Controlling Memory Access.
  - Publication with S. Tanda in the ADFSL Conference on Digital Forensics, Security and Law proceedings.
- 2020-2022 Binarly, USA: architecture analysis of modern AV/EDR weaknesses and research PoC development.
  - Black Hat Europe 2021: Veni, No Vidi, No Vici: Attacks on ETW Blind EDR Sensors.
  - Black Hat USA 2022: Blasting Event-Driven Cornucopia.
  - LABScon 2022 and Ekoparty 2022: WMI attack-vector talks and public research materials.
- 2019-2023 Huawei:
  - Patent collaboration with Hu Kekai: US20230289465A1, kernel memory-protection technology developed in the context of the Linux Sandbox project.
  - Chong-Ming Lab collaboration with Ma Chun Fei, Hu Gang, and Huang Mengyu: data storage protection technologies; Huawei Future Star Award, 2023.
  - VIKA / Cloud Service Competence Center collaboration with Liu PinPing (Katelyn) and Evgeny Smirnov: Windows Unified Crypto Service components and protection algorithms for Windows applications; Windows Security Team Excellent Team Award, 2022.
Conference Record
| Year | Conferences and venues |
|---|---|
| 2025 | MEPhI CIB / КИБ Moscow (Russia). |
| 2023 | HITBSecConf Phuket (Thailand). |
| 2022 | Black Hat USA (USA), LABScon (USA), Ekoparty (Argentina), ADFSL (USA), ROOTCON (Philippines). |
| 2021 | Black Hat Europe (UK), IEEE S&P Workshops / SADFE (USA), Texas Cyber Summit (USA). |
| 2020 | HITB Lockdown 002 (Singapore / online), Journal of Digital Forensics, Security and Law (USA). |
| 2018-2019 | Black Hat Europe (UK), ADFSL (USA), Journal of Digital Forensics, Security and Law (USA). |
| 2016-2017 | REcon Montreal (Canada), ADFSL (USA). |
| 2014-2015 | ADFSL (USA), Journal of Digital Forensics, Security and Law (USA). |
| 2012 | Methods and Technical Means of Information Security / MTSOBI, Saint Petersburg (Russia). |
| 2011 | Infoforum (Russia), Youth and Science / MEPhI (Russia), MTSOBI, Saint Petersburg (Russia), Telecommunications and New Information Technologies in Education / MEPhI (Russia), RusCrypto (Russia), ISP RAS seminar (Russia), Bauman MSTU seminar (Russia). |
| 2010 | Infoforum (Russia), MTSOBI, Saint Petersburg (Russia), Youth and Science / MEPhI (Russia). |
| 2009 | Infoforum / Problems of Information Security in Higher Education (Russia). |
Academic Advising and Journal Review
Academic supervision
Invited academic supervisor at MEPhI since 2013, advising undergraduate and graduate research in information security. More than 30 graduates have defended diplomas and joined security teams in Russian and international companies.
- State Examination Board, Moscow Engineering Physics Institute.
- MEPhI student research topics include ETW-based malware detection, Windows memory forensics, rootkit detection, RASP for LSASS, ALPChecker, Defender security analysis, and sandboxing attacks.