Alex Ionescu

Chief Architect at CrowdStrike, Alex Ionescu is a world-class security architect and expert in low-level system software, kernel development, security training and reverse engineering. He is coauthor of the last two editions of the Windows Internals series, along with Mark Russinovich and David Solomon. His work has led to the fixing of many critical kernel vulnerabilities, as well as over a few dozen non-security bugs. Ionescu is also the founder of Winsider Seminars & Solutions Inc., a company that specializes in low-level system software, reverse engineering and security training for various institutions.

Articles from Alex

Solving Intractable Performance Problems Through Vertical Engineering

Owning the Image Object File Format, the Compiler Toolchain, and the Operating System. As the Windows kernel continues to pursue…

New Protection Capability of Falcon for Mac: Improving Security With SUIDGuard

A comprehensive Next-Generation Endpoint Protection strategy shouldn’t just be about reacting and responding to threats, but also be complemented by…

Sheep Year Kernel Heap Fengshui: Spraying in the Big Kids’ Pool

The State of Kernel Exploitation. The typical write-what-where kernel-mode exploit technique usually relies on either modifying some key kernel-mode data…

Protected Processes Part 3: Windows PKI Internals (Signing Levels, Scenarios, Signers, Root Keys, EKUs & Runtime Signers)

In this last part of our series on protected processes in Windows 8.1, we’re going to be taking a look…

The Evolution of Protected Processes Part 2: Exploit/Jailbreak Mitigations, Unkillable Processes and Protected Services

In this continuing series on the improvements of the protected process mechanism in Windows, we’ll move on past the single…

The Evolution of Protected Processes – Part 1: Pass-the-Hash Mitigations in Windows 8.1

It was more than six years ago that I first posted on the concept of protected processes, making my opinion of this poorly…

KASLR Bypass Mitigations in Windows 8.1

As some of you may know, back in June of 2013, I gave a talk at Recon, a security conference in Montreal, about…

 
