whoami

Kazuma Matsumoto

Hi. I'm interested in offensive security and AI-assisted security research. I break things to understand how they work, then write it up so others can follow the same path without the dead ends.

Most of what I publish here is the kind of work that starts with a question nobody has publicly answered — an undocumented Windows mechanism, a protocol edge case, a trust boundary that exists on paper but not in code. The write-ups are honest about what was proven on the VM versus what remains hypothesis.

I'm still learning as I go. This blog is my notebook, shared openly.

Interests

  • Windows internals
  • Linux internals
  • Reverse engineering
  • AI-assisted security research
  • Web application security

Approach

  • RE the undocumented mechanism first
  • Prove it on real hardware, not in theory
  • Write the developer's implicit invariant, then break it
  • Every finding ships a detection alongside the primitive

Disclosure policy

Vulnerabilities are reported to the vendor before publication. Each post states the vendor's response and the timeline. Proof-of-concept code is for reproduction and defense — not for use against systems you don't own.