# Cameron Babcock - Full site map

Canonical: https://cameronbabcock.net/

Headline: Windows internals, reverse engineering, and security engineering notes from Cameron Babcock.

Bio: Principal software engineer with more than a decade of experience across Windows kernel development, endpoint detection, CNO tooling, vulnerability research, and security platform engineering.

## Core pages

- Home: https://cameronbabcock.net/
- Blog archive: https://cameronbabcock.net/blog/
- Resume page: https://cameronbabcock.net/resume/
- Resume PDF: https://cameronbabcock.net/resume/cameron-babcock-resume.pdf
- RSS feed: https://cameronbabcock.net/rss.xml
- Robots: https://cameronbabcock.net/robots.txt
- Sitemap: https://cameronbabcock.net/sitemap.xml

## Capability map

- Windows Kernel & EDR Engineering: I build low-level telemetry, detection, and hardening capabilities intended for production environments and real attacker behavior.
  - Kernel- and user-mode endpoint components in modern C++
  - Behavioral detection for shellcode injection and exploit activity
  - High-fidelity telemetry pipelines with practical cost discipline
- Offensive Security & CNO Tooling: Experience building and assessing offensive tooling informs the defensive side of my work and keeps it grounded in operator reality.
  - Implants, loaders, and command-and-control support tooling
  - Threat modeling and OPSEC-aware engineering
  - Cross-platform evasive research spanning Windows, macOS, iOS, and Linux
- Reverse Engineering & Vulnerability Research: When a system is opaque, I am comfortable working at the binary level until the relevant behavior is understood.
  - Binary manipulation and malicious subversion analysis
  - Compiler, supply chain, and code-injection research
  - Exploit development and root-cause driven security analysis
- Security Architecture & Platform Modernization: I work at the intersection of architecture, tooling, and engineering process, especially where mature codebases need to become faster and safer at the same time.
  - Agentic and AI-assisted engineering workflows for large codebases
  - Testing and CI improvements under operational constraints
  - Hardening reviews against advanced attacker techniques

## Credentials

- TS/SCI + FSP last active 2024
- GSEC
- Net+
- GCFA
- GCFE
- CISSP
- GCIH
- GSTRT
- GCIA

## Experience timeline

- Principal Software Engineer @ Sophos / SecureWorks (2024 - Present)
  - Leading Windows agent and EDR platform work across kernel and user mode, with a focus on exploit-aware telemetry, defensive hardening, and practical platform modernization.
  - Architected enterprise EDR capabilities across kernel and user mode
  - Established AI-assisted workflows and engineering standards across a large legacy codebase
  - Built crash-dump and behavioral-analysis utilities for production defense
- Senior CNO Software Engineer @ Raytheon Cyber (2022 - 2024)
  - Developed advanced CNO tooling and led research into evasion, anti-analysis, and validation infrastructure across multiple operating systems.
  - Built implants, loaders, and supporting command-and-control infrastructure
  - Researched hypervisor-based and hardware-assisted evasion techniques
  - Introduced automated testing and CI patterns inside constrained environments
- Software Engineer / Systems Vulnerability Analyst @ National Security Agency (2020 - 2022)
  - Worked across red- and blue-team assessments, supply-chain research, vulnerability analysis, and technical reporting for senior stakeholders.
  - Contributed to work referenced in senior-level cyber policy discussions
  - Researched SolarWinds-class attack paths and defensive replication strategies
  - Performed reverse engineering, application security audits, and tool evaluation

## Posts

- How I Found 3 Router 0-Days and Built an AI-Assisted Firmware Emulation Platform
  - URL: https://cameronbabcock.net/blog/router-0days-ai-emulation/
  - Description: A disclosure-safe look at using rootless Podman, QEMU user-mode, and AI automation to bring up router firmware in WSL, work through the ugly realities of embedded userspace, and turn 3 findings into a repeatable testing platform.
  - Tags: firmware (https://cameronbabcock.net/tags/firmware/), reverse-engineering (https://cameronbabcock.net/tags/reverse-engineering/), ai (https://cameronbabcock.net/tags/ai/), emulation (https://cameronbabcock.net/tags/emulation/), research (https://cameronbabcock.net/tags/research/)