my name is Dominik and I’ve been hunting and taking malware apart for over 15 years.

It all started when I stumbled upon a trojan called Netbus in the late ’90s. It was exciting to see what you can do with such a tool, even though I had no idea how it worked. Nevertheless, I had reached the point of no return to learn more about the world of abusing APIs, interfaces or software/hardware for malicious purposes aka malware development.

While roaming for a few years on various malware and rootkit related forums, around the same time I’ve discovered the fascinating topic of reverse-engineering. I was struck by the fact that you could rebuild software to understand how it works.

Later, around 2009 when my computer was infected with the famous TDL rootkit, I became hooked on finding out how this could happen and what the malware does. At that time, I found the Sysinternals forums that had many like-minded people who were much more skilled than I was. It was a great opportunity to learn more about malware analysis and connect with the forum members.

After the Sysinternals forums fell apart due to spams and inactivity by its admins, a few people and I founded Kernelmode.info. It lasted for nearly 10 years with tons of great contributions from many different individuals, before we closed it in 2019. During these years, I’ve also worked for ESET for a short period as an article writer who describes malicious threats.

In late 2016, I applied for and was hired as a malware researcher at Palo Alto Networks. It was an incredible opportunity for me to work in a professional environment and learn from other more skilled people. While I’m still there today, in the meantime I’ve moved to a software engineer role.

This website was created with the help of Jekyll, whiteglass (modified) and A Magic Rpg Enemy.