I break things apart to understand how they work.
I'm Nico — 18, Mar del Plata, Argentina.
I study programming at UTN and spend most of my time
learning.
My focus is Windows Internals and Reverse Engineering —
process mechanics, memory subsystems, undocumented NT APIs,
and how the kernel structures things no official doc fully explains.
Started coding at 13. Everything I know about low-level systems
is self-taught — built by reading source, reversing binaries,
and breaking things until I understand why they break.
Outside the terminal I play guitar, bass & drums —
I record and produce my own tracks from scratch.
External process inspector with a DX11 overlay rendered in the
ZBID_IMMERSIVE_NOTIFICATION band — the same layer used by
Windows system notifications. Bypasses Windows composition by avoiding transparency (replaced by IDXGIOutputDuplication).
Read-only memory access via inherited handle
traversal. Sub-millisecond visual latency. Invisible to screen capture.
Creates windows in the ZBID_IMMERSIVE_NOTIFICATION band by
injecting into explorer.exe — no certificate or manifest required.
Renders above fullscreen applications and Task Manager.
Documents an undocumented NtUser interface.
Reads and writes process memory without opening new handles —
by locating a process that already holds an inheritable handle to the target
via NtQuerySystemInformation, then routing operations through it.
Demonstrates a lesser-documented Windows handle inheritance mechanic.
Code execution via NtSetInformationProcess instrumentation callbacks
(Nirvana Hooks). Executes in a remote process immediately after any syscall returns —
no CreateRemoteThread required.
Relevant to EDR/AV internals and syscall-level tracing research.
Technical writeups, research notes and deep dives
into Windows internals & reverse engineering.
Got a proposal, research idea, or want to collaborate?
Send a signal.