Igor Korkin
@IgorKorkin ◾ Cyber Security researcher & expert. ◾ OSes, hypervisors, malware, and protection technologies, including their limitations. ◾ Speaker, author & developer.
Language Breakdown
Lines of code distribution across 17 owned repositories
T-Shaped Developer
T-shaped: deep in C++ with broad versatility
Repos: 110
PRs: 0
Growth: +18%
Alexander Tarasenko
@atarasenko
Cassius Garat
@garatc
Asuka Nakajima
@AsuNa-jp
r5by
@r5by
Alex Matrosov
@matrosov
Top Repositories
MemoryRanger protects kernel data and code by running drivers and hosting data in isolated kernel enclaves using VT-x and EPT features. MemoryRanger has been presented at BlackHat, HITB, and CDFSL.
This is the first software system that can detect a stealthy hypervisor and calculate several nested ones even under countermeasures.
AllMemPro
This project demonstrates illegal read and write access to kernel-mode data, both data allocated by 3rd-party drivers and EPROCESS structures.
Legal access: The driver and console app to demonstrate the basic memory access in kernel mode
A demo of RtlTestProtectedAccess() and RtlProtectedAccess, which are involved in creating a Protected Process.
This project demonstrates allocation of, and legal access to, data in kernel mode.
Illegal access: the driver and console app to demo unauthorized read and write access to kernel-mode memory
This section includes all the information about my research results: papers, slides, speeches, etc.
This project demonstrates privilege escalation for a user-mode process, cmd.exe, using a stack overflow in a kernel-mode driver. The user-mode component 'testbed_console.exe' sends a CTL_CODE with a payload to the vulnerable driver 'testbed_driver.sys', which calls RtlCopyMemory without any checks. 'testbed_console.exe' includes 'testbed_driver.sys' as a resource.