Core Kernel and Security

DriverEntry is the entry point for kernel-mode device drivers in the Microsoft Windows kernel. Kernel-mode software runs in an extremely privileged mode called Ring 0 and offers a view into the operating system kernel and, more generally, platform security.

DriverEntry.com is a non-profit community resource for sharing tools and source code and for discussing kernel and security matters on all platforms. DriverEntry.com is not selling products or seminars; it is an open forum for security researchers and system engineers. As a community of security researchers, we try to avoid the blinkered view that the documented approach is the only approach. Within DriverEntry.com we welcome novel and unique approaches to problems.

Forums are divided into OS Development (DEV) for developer discussions, OS Internals (INT) for OS internals discussions, OS Security (SEC) for security discussions, OS Debugging (DBG) for debugging discussions, and OS hardware specific features (HYP or SEP). Forums are grouped by OS platform.

Our Team

Yarden Shafir
Yarden is a Software Engineer at CrowdStrike, working on EDR features, and a consultant for Winsider Seminars & Solutions Inc., co-teaching security trainings. Previously, she worked at SentinelOne as a security researcher and QA engineer. Outside of her primary work duties, Yarden writes articles and tools and gives talks and workshops about various topics such as CET internals, extension host hooking and kernel exploit mitigations. Outside of infosec, Yarden is a circus artist, teaching and performing aerial arts.
Alex Ionescu
Alex Ionescu is a world-class security architect and expert in low-level system software, kernel development, security training and reverse engineering. He is coauthor of the last two editions of the Windows Internals series, along with Mark Russinovich and David Solomon. His work has led to the fixing of many critical kernel vulnerabilities, as well as over a few dozen non-security bugs. Ionescu is also the founder of Winsider Seminars & Solutions Inc., a company that specializes in low-level system software, reverse engineering and security trainings for various institutions.
Mark Dowd
Mark is a director and founder of Azimuth Security, and brings over 10 years of security experience to the team. The bulk of his professional career has been focused in the area of application security research. Mark spent a number of years as a senior researcher at IBM's Internet Security Systems (ISS) X-Force, during which he discovered a number of high-profile vulnerabilities in ubiquitous Internet software. In addition to professional vulnerability research, Mark's previous experience includes serving as a principal security architect for McAfee, as well as performing a variety of information security consulting services independently and for ITAC Consulting.

Mark's vulnerability research record speaks for itself. Over the last decade, Mark has identified and helped remediate critical remotely exploitable security vulnerabilities in Sendmail, Microsoft Exchange, OpenSSH, Internet Explorer, Mozilla Firefox, Adobe Flash, Checkpoint VPN, and Microsoft's SSL implementation. In addition to his vulnerability research, Mark has published several technical research papers, and was a co-author of the Addison-Wesley Professional book "The Art of Software Security Assessment". He was the winner of the 2009 Google Native Client Security Contest. Mark regularly speaks at industry conferences, including BlackHat, CanSecWest, PacSec, and Ruxcon.
John McDonald
John is a director and founder of Azimuth Security, who brings over a decade of security experience to the team. John's professional experience has been focused on software security, split evenly between vulnerability research and security consulting. John has held positions as a senior security researcher for IBM's Internet Security Systems X-Force and NAI Covert Labs (now McAfee). He spent five years as a senior security consultant for Neohapsis, where he was responsible for security engagements ranging from network penetration tests to in-depth focused manual source code reviews of COTS software. His experience is rounded out by a tour of duty as a security architect for Citibank, and participation in various professional development efforts.

As a vulnerability researcher, John has identified and helped resolve numerous critical vulnerabilities, including remotely exploitable issues in QuickTime, XviD, Solaris, BSD, Checkpoint FireWall-1, OpenSSL, and BIND. John is also a co-author of Addison-Wesley's "The Art of Software Security Assessment." He has published multiple papers over the years, and presents his research at industry conferences such as BlackHat and CanSecWest.