Simon Lucky

Security Researcher

I am a systems security engineer specializing in vulnerability research, penetration testing, and low-level systems security—from RTOS and embedded firmware down to the hypervisor. My mission is simple: attack the stack. I build custom offensive tooling to stress-test platform services and dissect threat-actor malware to reverse-engineer their TTPs. I find the most satisfaction in the deep, low-level puzzles: tracing a vulnerability from a high-level driver to a kernel race condition, or exploiting a bootloader logic bug to break a secure boot chain.

Lately, I’ve been treating hypervisors like digital escape rooms. I spend my time reverse-engineering emulated hardware—like QEMU’s virtual network cards—to hunt for memory corruption, probing the management layers where a clever guest can trick the host. Every hypervisor feels like a giant puzzle box waiting to be solved.

That obsession with isolation boundaries has naturally extended my research into mobile platform internals and Android kernel security, where I analyze raw firmware binaries, write native hooks to audit kernel-space memory maps, and exploit vulnerabilities at the ARM architecture level to bypass OS mitigations.

In my hobbyist capacity, I’ve been experimenting with blockchain infrastructure and confidential computing as my playground. Instead of auditing smart contracts, I treat decentralized networks like distributed operating systems. I spend my research hours hunting for sandbox escapes in sBPF runtimes and node execution engines, while probing Trusted Execution Environments (TEEs) like Intel SGX for micro-architectural leaks that could expose cryptographic keys. This deep dive into hardware enclaves naturally led me to the silicon itself. I’ve been learning how to use Hardware Description Languages (HDLs) like Verilog and VHDL to build and test custom hardware pipelines on FPGAs. Verifying these hardware structures feels remarkably similar to auditing a software state machine—it’s the final piece of the puzzle to understanding the full stack from the ground up.

When I’m not deep in disassemblers, debuggers, or proxy logs, you’ll find me tracking vulnerability disclosures and contributing to open-source security projects. It’s how I stay sharp, and how I ensure the next bug I find isn't the last one standing between a secure system and a well-fed adversary. This site serves as a personal log of my learning journey, independent research, offensive tooling, and reverse engineering projects. Everything shared here is my own work and has no connection to my professional affiliations.

Languages and tools I use:

I approach security from a polyglot perspective, working across a dozen programming languages spanning systems development, scripting, and hardware design. This range is fundamental to how I analyze complex attack surfaces, allowing me to not only find flaws but fundamentally understand their root causes from the application layer down to the silicon. Python serves as my go-to for rapid prototyping of exploits and offensive tooling, while C and Rust provide the granular control needed to dissect memory corruption and build resilient platform utilities. Fluency in Assembly is non-negotiable for my reverse-engineering and binary analysis work, which I pair with HDLs for custom hardware design. To push past traditional analysis, I leverage the Lean proof assistant to formally verify cryptographic implementations, model attack surfaces, and mathematically prove the security properties of protocols. This systems focus is rounded out by a highly practical automation and post-exploitation stack: utilizing Go for high-performance backend services, Lua for embedded scripting, Bash for environment automation, and deep PowerShell mechanics to dissect modern adversary tradecraft. Ultimately, this background ensures that no matter what paradigm a target environment is built on, I can adapt, dissect it, and break it.

Highlights:

See some of my blog post highlights below:

Leaving .NET Behind at the Crime Scene: Implementing EDR evasion, DPAPI decryption, and macOS Keychain access in Rust.

Building a Security Development Lifecycle (SDL) for Embedded Systems: Lessons from the Trenches

From Userland to Hypervisor: A Journey Through the Full Stack of Security Research

FPGA-based PCIe memory scraper with Rust C2.

Disclaimer:

The knowledge, methods, and tools we share on this blog are provided for one core purpose: to educate, to support research, and to help security professionals build stronger, more resilient defenses. Our entire goal is to strengthen cybersecurity by explaining how attacks work, so you can learn to stop them. It is an absolute condition of your time here that you understand this information must only be used within ethical and legal boundaries. You are only allowed to use anything you learn on computing systems and networks that you personally own, or for which you have direct, explicit, written permission from the legal owner. Any form of unauthorized access or testing is strictly forbidden. It is illegal almost everywhere and can lead to severe real-world consequences like criminal charges, heavy fines, and career damage. All content is provided "as-is," and we cannot be held liable for any damages that result from its misuse or misapplication. You, the reader, bear full and complete responsibility for your own actions and their outcomes—legal, financial, and ethical. By using this blog, you explicitly agree to follow all applicable laws and to use this knowledge responsibly. Your guiding principle must be this: if you have any doubt at all about the legality of an action, do not proceed. The rule is simple—always get explicit, written permission first. We believe in a cybersecurity culture built on integrity and a sense of ethical duty. This knowledge is a powerful tool; please wield it wisely. Let your curiosity be guided by a strong moral compass. Stay ethical, stay legal, and stay curious.