I’ve been living, breathing, and training in operating systems and cybersecurity technology for almost two decades, and there’s nothing I love more. In part thanks to my ground-breaking research and wealth of Windows Internals knowledge, I am honored to have been recently recognized by the United States Government as an Alien of Extraordinary Ability, “demonstrating internationally recognized extraordinary abilities in the sciences through sustained national or international acclaim.”
As a developer, I started my career as one of the key lead kernel developers on the open source ReactOS project, and re-implemented from scratch, based on reverse engineering and black box testing, large parts of the Windows XP/2003 kernel (which was, at the time, current). Throughout that work, I uncovered dozens of vulnerabilities and just plain old bugs in the kernel and its many associated subsystems and drivers, both in user-mode and kernel-mode. I then moved on to work at Apple, Inc., where I was an intern and then a part-time remote software engineer while completing my studies, and worked on the Core Platform team, where I helped port both iOS and iBoot, as well as related drivers, to exciting new platforms, ARM architectures, and SoCs, as well as worked on interesting and varied user-mode infrastructure such as SpringBoard, Mach RPC, and CoreAnimation. Finally, I joined CrowdStrike, Inc., as part of its launch team over five years ago, where I initially started as its Chief Architect, responsible for the overall vision and design of its endpoint security product, and have recently taken on a new role as the Vice President of EDR Strategy, to help cement its lead in the market and unparalleled visibility into operating system behaviors.
As a reverse engineer, I began tearing apart Windows long before my involvement with ReactOS. While now having joined the relics of GeoCities, Planet Source Code was a popular coding website where developers competed against one another to win the coveted “Superior Code Award”. Each of my 8 submissions gathered exclusively five-star reviews, and I had won the award three times by the time I moved on. My ongoing reverse engineering work and research led me to first publish at Recon in 2006 and BlackHat in 2008, followed by many more security conferences, in which I have now participated for over a decade.
Finally, as a teacher and technical writer, I first began by publishing a 125-page paper on Windows Internals on Planet Source Code, which covered key Windows structures in the NT kernel, and was one of the first to leverage the use of Microsoft’s Public Symbol Files (PDB) to extract type data from the kernel. I later followed up with an entire reverse engineering overview of the Visual Basic 6 File Format, which was used by many decompilers at the time (as well as some contracting work on the side). Finally, I eventually published a similar guide on the NTFS File Format, which greatly helped the ntfs-3g Linux Project achieve a more consistent understanding of the various data structures involved. I began giving small presentations on ReactOS and NT internals at various locations, including a presentation at Waterloo University in Canada, which eventually led to my contracting with David Solomon Expert Seminars, Inc., a real titan in the Windows Internals training world. Just as Winternals and Mark Russinovich had been acquired by Microsoft, I was contracted to “fill his shoes” (an impossible task) and began giving regular trainings at Microsoft for David, followed by a growing list of additional customers and organizations. I now own my own consulting company, Winsider Seminars & Solutions, Inc., and continue to focus on researching and writing about Windows.
Please visit our training offerings on the site at http://www.windows-internals.com to see if our topics are of interest, or feel free to shoot me an e-mail if you have something custom in mind.