Naor Evgi

Tel Aviv, TA

Summary

Over 4 years of hands-on experience in deep low-level Windows security research and exploit development. Highly skilled in reverse engineering both Windows Kernel-Mode and User-Mode, driver/kernel debugging, and patch-diffing for 1-day/zero-day exploitation findings. Expert in undocumented structures, Windows internals, and kernel exploitation techniques. Strong software development background in C, C++, Python, .NET and assembly. Proven ability to build detection/response content on platforms like Splunk, CrowdStrike and Cortex XDR, lead incident response teams, perform threat hunting and forensic investigations, and deliver detailed technical write-ups to the security community.

Overview

4 years of professional experience

Work History

Red Team & Vulnerability Research

WhiteHat
10.2023 - Current
  • Specialized in Windows vulnerability research, reverse engineering, and low-level exploit development.
  • Conducted deep-dive binary and kernel-level investigations to identify vulnerabilities and assess exploitation feasibility.
  • Performed patch-diffing and root-cause analysis to discover 1-day vulnerabilities and develop proof-of-concept exploits.
  • Developed and customized IDA Pro plugins and automation tools to accelerate code review and vulnerability triage.
  • Applied unpacking and deobfuscation techniques to analyze protected binaries and extract hidden logic or attack surfaces.
  • Proficient in C, C++, Python, and Assembly for low-level research, exploit prototyping, and custom tool development.
  • Collaborated with security engineering and detection teams to translate research findings into improved mitigations and detections.

Head of Incident Response

WhiteHat
11.2022 - 10.2023
  • Proficient in the use of both static and dynamic analysis tools such as WinDbg, OllyDbg, x64dbg, IDA, Ghidra, and Sysinternals.
  • Accomplished in conducting reverse engineering tasks on x86/x64 assembly architecture.
  • Skilled in circumventing and bypassing anti-debugging and anti-VM mechanisms, as well as proficient in unpacking techniques.
  • Strong development background in C/C++ programming languages.
  • Actively contributing to the professional community by blogging about malware analysis.
  • Proven leadership experience in directing research teams and managing projects.
  • Effectively performing malware analysis and research for Incident Response and monitoring activities.

Cyber Defense Incident Responder & Threat Hunter

WhiteHat
10.2021 - 11.2022
  • Possess a strong understanding of Windows internals.
  • Proficient in gathering cyber intelligence information, encompassing both Clear and Dark Web, as well as OSINT research.
  • Experienced in managing advanced information security incidents and operating SIEM systems such as QRadar, Splunk, and CrowdStrike.
  • Extensive expertise in security systems, including firewalls, EDR, and anti-virus.
  • Able to conduct in-depth Memory Forensics analyses.
  • Skilled in performing digital forensics research and analysis, operating forensic tools such as Autopsy, AXIOM, and Sysinternals.
  • Capable of building a bespoke investigation tool for Windows environments.
  • Expert at leveraging APIs and scripting tools to perform daily security tasks, including data collection and operating system manipulation.

Education

Everyday Ghidra Practical Windows Reverse Enginee -

Ringzer0
Online
03.2025

No Degree - Targeted Malware Reverse Engineering

Kaspersky
Online
06.2024

Certified Malware Analysis Professional - CMAP

Malwareanalysis.co
Online
06.2023

RED TEAM Operator: Malware Development Essentials - Malware Development

Sektor7
Online
02.2023

Certified Malware Analysis Professional - ECMAP

ELearnSecurity
Online
10.2022

Cybersecurity Practitioner - CyberPro

INT College
Online
07.2020

Skills

  • Windows vulnerability research; kernel & driver reverse engineering; patch-diffing for 1-day findings; exploit prototyping; IDA Pro; WinDbg; C/C++/Python; fuzzing; x86/x64 assembly; COM analysis; memory-corruption exploitation (ROP, heap, stack, SEH, UAF, double-UAF, race conditions); PoC development
  • Memory & malware forensics (Volatility); unpacking & deobfuscation (stubs, packers); IDA Pro plugins & automation for accelerated code review; dynamic unpacking & API tracing; anti-analysis technique analysis & stub reconstruction; YARA signature development & IOC creation; detection engineering (Splunk, CrowdStrike, Cortex XDR)

Security Research Blog

  • https://medium.com/@naore32/not-just-another-dll-sideloading-blog-this-one-gets-you-localservice-privileges-27bc798c1792
  • https://medium.com/@naore32/decoding-ktlvdoor-navigating-golangs-maze-in-malware-reverse-engineering-5a6708f8680f
  • https://medium.com/@naore32/beyond-the-main-unearthing-sneaky-functions-521f593ebeb3
  • https://medium.com/@naore32/scrubcrypt-malware-analysis-exposing-the-c-c-command-109241e4543b
  • https://medium.com/@naore32/dissecting-blackbyte-ransomware-part-1-904a8752ac9a
  • https://medium.com/@naore32/agenda-malware-analysis-cd82402153db
  • https://medium.com/@naore32/behind-the-code-dissecting-agent-teslas-malware-mechanics-2c1a4f684186

Languages

Hebrew: Native language
English: Advanced (C1)
Chinese (Mandarin): Elementary (A2)