tobiaskocur/README.md

Tobias | Systems & Security Engineer

🇸🇰 Slovakia  •  System Security  •  Kernel Development  •  Reverse Engineering

"Security through opacity is not security. I break systems to build them stronger."





Technical Arsenal

Core Engineering  •  System Internals  •  Analysis & Debugging













BSOD
POV: You acquired the spinlock at DISPATCH_LEVEL but touched paged memory...

Deep-Dive Projects

 Aegis  |  Kernel Protection Driver (PoC)

A kernel-mode driver focused on reducing user-mode tampering against protected processes.

  • Access Control: Uses ObRegisterCallbacks to filter/strip handle permissions.
  • Hardening (WIP): Researching safe kernel telemetry + anti-tamper patterns (no "magic stealth claims").
  • Stack: C  WDK  Kernel synchronization  IRQL-aware code

 Mindly  |  iOS Protocol Tooling

A digital detox tool that interfaces with iOS devices over USB to enforce restriction profiles.

  • Protocol work: Exploring iOS configuration / MDM-related workflows via libimobiledevice.
  • Implementation: Desktop UX using ImGui, device control via USB stack.
  • Stack: C++  USB protocols  Reverse engineering mindset

 Sajko.sk  |  Session Replay Platform

Enterprise-grade session replay & analytics platform with a real-time event pipeline.

  • Pipeline: Ingest → process → store → replay user sessions.
  • Stack: TypeScript  Next.js  PostgreSQL  WASM

Current Research & Deep Dives

I learn systems security by debugging real artifacts and writing tooling around them:

  • Windows Internals: scheduler, EPROCESS/KTHREAD, handle tables, callbacks
  • Kernel dev: WDK, IRQL rules, sync primitives, IOCTL design
  • RE practice: static + dynamic analysis, patching, small PoCs
  • Writing: turning findings into writeups (planned: blog repo)

Code Glimpse

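#include <ntddk.h>

// Driver entry point: called once by the I/O manager when the driver is loaded.
NTSTATUS DriverEntry(_In_ PDRIVER_OBJECT DriverObject, _In_ PUNICODE_STRING RegistryPath) {
    UNREFERENCED_PARAMETER(RegistryPath);

    // No unload routine is registered, so the driver cannot be unloaded once started.
    DriverObject->DriverUnload = NULL;

    // INFO-level messages are filtered out by default; raise the IHVDRIVER
    // debug print filter mask in the debugger to see this line.
    DbgPrintEx(DPFLTR_IHVDRIVER_ID, DPFLTR_INFO_LEVEL, "Aegis: Driver loaded.\n");

    return STATUS_SUCCESS;
}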

Uplink

   

Pinned

  1. aegis (Public)

    Kernel-mode process protection driver with user GUI

    C++ 54 1

  2. mindly_dock (Public)

    Dumb Phone method for iOS written in C++, leveraging libimobiledevice and iOS profiles

    C++ 1

  3. sajko-tracker (Public)

    Forked from sajkoapp/sajko-tracker

    Advanced session replay and analytics for modern web apps

    TypeScript

  4. sajkoapp/sajko-tracker (Public)

    Advanced session replay and analytics for modern web apps

    TypeScript 1

  5. fitspace (Public)

    Objective-C

  6. cryptoweb (Public)

    JavaScript