whoami
Red Teamer and Security Researcher based in Israel. I specialize in adversary simulation, malware development, and breaking things in authorized environments so defenders can build better ones.
My work spans the full offensive stack — from initial access and evasion to post-exploitation and lateral movement. I’m particularly interested in Windows internals, EDR bypass techniques, and the low-level mechanics that make offensive tooling actually work in modern environments.
What I Do
- Red Team Operations — Adversary simulation, physical and logical intrusions, full-chain attack scenarios
- Penetration Testing — Web, API, thick client, mobile (Android/iOS), internal network
- Malware Development — Shellcode loaders, EDR evasion, process injection techniques, C2 tooling
- Security Research — Windows internals, exception handling abuse, defense evasion primitives
- Teaching — Cybersecurity instructor covering Kali Linux, OSINT, and social engineering
Notable Projects
| Project | Description |
|---|---|
| TrueSightKiller | AV/EDR killer in C++ |
| impacket-jump | Remote service-staging tool for BOF-style lateral movement |
| Adaptix-StealthPalace | Adaptix C2 RDLL loader with Ekko sleep obfuscation and IAT hooking |
| Paruns-Fart | ntdll unhooking via the Perun’s Fart technique |
Tech Stack
Languages: C / C++ · C# · Go · Python · PowerShell · JavaScript · Java
Platforms: Windows internals · Linux · Active Directory
Tooling: Kali Linux · Cobalt Strike · Sliver · Havoc · Adaptix · Impacket
Infra: AWS · Azure · Cloudflare · DigitalOcean · Terraform
Contact
- GitHub: github.com/MaorSabag
- LinkedIn: linkedin.com/in/maor-sabag