A look at passkey architecture: device-bound vs synced credentials, the three authenticator categories, and real-world deployment pitfalls like magic link fallbacks and signature counters. Published on the Anvil Secure blog.

A deep dive into the WebAuthn/CTAP protocol that powers passkeys, breaking down what actually happens on the wire during registration and authentication. Published on the Anvil Secure blog.

A kernel module infrastructure to stealthily dump executable pages of packed processes at runtime. Published on the rev.ng blog.

Paper by Pennino, Pizzonia, and Griscioli published in Future Generation Computer Systems (Elsevier). My bachelor thesis implementation contributed to this work.