Igor Korkin, PhD

Senior Researcher

2000 followers
Moscow, Moscow City, Russia

  • About me

    Lead Security Researcher & Developer | BlackHat Speaker | PhD in Cyber Security

  • Education

    • National Research Nuclear University MEPhI (Moscow Engineering Physics Institute)

      2004 - 2009
      Master Information Security

      Diploma project: Stealth malware detection system in OS Windows. Graduated with Honors.

    • National Research Nuclear University (former Moscow Engineering Physics Institute)

      2009 - 2012
      Doctor of Philosophy (Ph.D.) Computer and Information Systems Security/Information Assurance

      Original thesis is in Russian. Title - "Statistical Approach to Detection of Hardware Virtualization Based Rootkits", defended on. Details are here - http://igorkorkin.blogspot.com/2011/12/blog-post.html and here - https://inis.iaea.org/search/searchsinglerecord.aspx?RN=45100139

      I have published a translation of my thesis, and this paper was selected as one of the best papers of the 10th ADFSL Conference 2015, ERAU, Daytona Beach, Florida, USA. Title - "Two Challenges of Stealthy Hypervisors Detection: Time Cheating and Data Fluctuations". Details - http://igorkorkin.blogspot.com/2015/05/two-challenges-of-stealthy-hypervisors.html

  • Experience

    • FGUP CNIIHM (www.cniihm.ru)

      Feb 2009 - Mar 2019
      Senior Researcher

      * Development of Windows kernel-mode drivers and user-mode applications using C/C++, WDK, VS, WinDbg;
      * Cyber security and digital forensics research in various expert teams;
      * Various docs and publications for customers.

    • Special System Engineering Centre (www.ssec.ru)

      Mar 2019 - Oct 2019
      Lead Security Research Engineer

      * Development of the advanced firewall system for Windows-based hosts using C/C++, STL, and Npcap.

    • Huawei

      Nov 2019 - Aug 2023
      Lead Cyber Security Researcher, Expert

      LLC Ventra (3 years) and Huawei Technologies 2012 Labs - 华为 (0,7 year)
      ● Russian Research Institute, Moscow, Russia.
      ● Chengdu Research Center, Pidu, Sichuan, China.
      ➤ Grade 19 (Expert B) | Probationary Period: Excellent (2023-02) | Two business trips to China | Defended Competency and Qualification (C&Q) Level 4 in 2023-08.
      ➤ Focused on proactively improving Huawei's business solutions in data security, privacy, and system trustworthiness to make the products resilient against advanced cyberattack techniques.
      ➤ Research and development of Proofs of Concept (POCs) and Minimum Viable Products (MVPs).
      ➤ Contributed pivotal technological breakthroughs that were integrated into business products: WUCS (memory protection and anti-code-injection in Windows OS), EulerOS (SBM, memory protection, see patent), Dorado (integrated security system to protect files from human-based threats: ransomware, file corruption).
      ➤ Research Protection Mechanisms of Linux and their robustness against rootkits using OS-level technologies (achievement: published a patent and SandBox Mode is integrated into the kernel) and hypervisor-based technologies (applying the MemoryRanger principle to isolate LKM from the kernel).
        Details of OS-level protection:
        → Google Patents - US20230289465A1 - https://patents.google.com/patent/US20230289465A1/en
        → WIPO Patent Scope - WO2022105610 - https://patentscope.wipo.int/search/en/detail.jsf?docId=WO2022105610
        → Huawei SandBox Mode (SBM) prevents vulnerability exploitation via decomposing the kernel - https://lwn.net/Articles/962087/
      ➤ Research Algorithms to protect Windows Huawei Applications from common user-level intrusions (achievement: team award).
      ➤ Research Data Storage Protection Technologies (prepared and defended Strategic Planning; completed H1 stage in 2023-07).
      ➤ Presented at various Huawei events, including Huawei Trustworthy Workshops.
      ➤ Received personal and team awards.

    • Positive Technologies

      Oct 2023 - now
      Lead Software Developer

      Summary: Specializing in developing cutting-edge business security solutions to combat evolving cyber threats, with a focus on advanced malware detection and analysis. Working across two key groups: (1) Multiscanner and PT Sandbox, and (2) Low Level Development.

      Key Achievements:

      Group 1: Multiscanner and PT Sandbox
      • Research and develop high-performance, secure kernel-mode plugins for business products
      • Designed innovative engines for Extended Detection and Response (XDR), Malware Analysis, and Advanced Threat Detection (Sandbox), enhancing unknown threat detection and reducing response times
      • Implemented and optimized an integrated unit testing framework for Windows kernel drivers using the Microsoft Unit Testing Framework, incorporating tests into the CI/CD pipeline
      • Product Feature Owner: New Advanced Feature to combat APT malware.

      Group 2: Low Level Development
      • Specialized in low-level programming and hardware virtualization techniques
      • Developed and optimized kernel-mode code for enhanced system performance and security
      • Resolved complex code compatibility issues, expanding product compatibility across various OS versions

      Cross-Group Responsibilities:
      • Integrated code quality and security check rules into the CI/CD pipeline, ensuring adherence to best practices throughout the development lifecycle
      • Experience with full software development life cycle, including coding standards, code reviews, source control management, build processes, testing, and operations
      • Presented findings and innovations at various expert events, showcasing advancements from both groups

      Tech Stack:
      • Low-level development and Hardware virtualization
      • Windows 7/10/11, Linux (Debian 11)
      • Languages: C, Python, Bash
      • Virtualization: Xen, QEMU, Drakvuf
      • Containerization: Docker, Kubernetes/k8s
      • Tools: YouTrack, GitLab, Git

  • Licenses & Certifications

    • Advanced Fuzzing and Crash Analysis by Richard Johnson

      Hack In The Box (HITB)
      Oct 2020
    • Fundamentals of C++ Development: White Belt

      Coursera
      Jul 2017
    • Super Intensive General English Course

      King's College London
      Apr 2014
    • Malicious Software and its Underground Economy: Two Sides to Every Story

      Coursera
      Jul 2013
  • Honors & Awards

    • Huawei Future Star Award

      Huawei
      Aug 2023
      * Research and Develop new Data Storage Protection Technologies to detect Ransomware Attacks and File Corruption Attacks (Data Wiping).
      * Chong-Ming Lab Managers: Ma Chun Fei (马春飞), Hu Gang and Huang Mengyu

    • Windows Security Team - Excellent Team Award - Cloud Service Competence Center

      Huawei
      Aug 2022
      * Research and Develop user-level components for Windows Unified Crypto Service (WUCS)
      * Research and Develop Algorithms to protect Windows OS Huawei Applications from common user-level attacks
      * VIKA lab Managers: Liu PinPing (刘玭娉 katelyn) and Evgeny Smirnov
  • Volunteer Experience

    • Visiting Professor

      Issued by National Research Nuclear University MEPhI (Moscow Engineering Physics Institute) on Jan 2013