whoami
Kazuma Matsumoto
Hi. I'm interested in offensive security and AI-assisted security research. I break things to understand how they work, then write it up so others can follow the same path without the dead ends.
Most of what I publish here is the kind of work that starts with a question nobody has publicly answered — an undocumented Windows mechanism, a protocol edge case, a trust boundary that exists on paper but not in code. The write-ups are honest about what was proven on the VM versus what remains hypothesis.
I'm still learning as I go. This blog is my notebook, shared openly.
Interests
- Windows internals
- Linux internals
- Reverse engineering
- AI-assisted security research
- Web application security
Approach
- RE the undocumented mechanism first
- Prove it on real hardware, not in theory
- Write the developer's implicit invariant, then break it
- Every finding ships a detection alongside the primitive
Disclosure policy
Vulnerabilities are reported to the vendor before publication. Each post states the vendor's response and the timeline. Proof-of-concept code is for reproduction and defense — not for use against systems you don't own.