Blackbird Alpha
Windows kernel DFIR endpoint detection pipeline and malware analysis platform built around a KMDF driver, a userland sensor, detection-chain correlation, and an operator cockpit designed for evidence-first triage.
FEATURED TITAN PROJECTS
Dynamic direct-syscall framework for Windows, built as a modern SysWhispers/Hell's Gate successor for AV/EDR research and hooking-aware execution.
Rust control-flow hardening and obfuscation: proc-macro transforms functions into dispatcher-style execution with randomized noise to raise the cost of static analysis and reversing.
Post-build string protection for Windows; encrypts eligible literals, stores metadata in a PE section, and decrypts on-demand at runtime to reduce static string exposure.
Compile-time string encryption for Rust via proc macros with multiple engines, generating encrypted blobs at build time and compact runtime decrypt shims.
Lightweight Windows ETW telemetry for detecting untrusted processes accessing protected filesystem resources.
Articles & Technicals
OFFENSIVE SECURITY WITH ENGINEERING DISCIPLINE
Windows reversing & capability development
We reverse engineer Windows internals, build novel offensive tooling, and translate those findings into new detection and methodology ideas—blurring the line between craft development and defender tooling.
Detection methodology & instrumentation
We invent detection methodology, stress-test it with real sensor data, and bake the learnings into automation so blue teams get precise, actionable signals rather than consultancy artifacts.
Priv esc telemetry & edge detection
We capture kernel/user boundary signals, enrich priv-esc telemetry, and fortify instrumentation so peripheral controls can surface novel adversary techniques without degrading performance.