k.mohit46

Mohit Kulamkolly works at Netskope as an Security Analyst ll - Red team and Offensive Operations, a Santa Clara-based company that offers the Cloud Native Security Platform to assist enterprises secure their growing cloud footprint.

He has been working with the Appsec division Pen-testing applications and product features for more than 4 years , in addition to making sure firms’ product development projects are secure.
His particular areas of interest are binary exploitation, fuzzing, exploit development and reverse engineering.
In his tenure at Netskope he has discovered multiple critical vulnerabilities within the Application and driven by passion for cutting edge research in his domain.

An accomplished speaker, he presented at Black Hat Europe Arsenal 2025 and has delivered over 10+ technical presentations to a diverse range of product development disciplines within his current organization. His research has made contributions to the cyber security community including reporting CVE-2024-46455 and open source contributions.

IOCTL-hammer is a lightweight fuzzing harness designed for efficient and targeted security auditing of Windows driver IOCTL interfaces. This tool addresses the high barrier to entry for kernel driver testing by providing a simple, accessible framework that focuses on the most common vulnerability patterns: buffer mismanagement. Rather than relying on complex, coverage-guided instrumentation, ioctl-hammer adopts a parameter-centric methodology, systematically manipulating the four core user-mode buffer descriptors sent via DeviceIoControl.

The fuzzer executes a structured, predefined suite of test cases designed to stress boundary conditions, null parameter handling, and size discrepancies. Despite its simplicity, this focused approach has proven highly effective in real-world testing against proprietary Windows drivers, successfully uncovering multiple zero-day vulnerabilities including a kernel-to-user heap overflow, Denial of Service vulnerabilities and Direct BSODs. IOCTL-hammer is designed for security engineers and researchers to quickly perform initial vulnerability assessments on IOCTLs, find low-hanging fruit, and validate findings without requiring extensive setup or kernel debugging expertise for initial discovery.

Insights from Audience

Our audience were mostly qurious on the ways to add custom structures(payloads) that the product would be accepting to the fuzzer for breaking the entry barriers and for further exploitation
Audience found the tool very helpful for performing quick security audits for the software that runs on windows platform and uses IOCTLs for communication with the kernel.

https://blackhat.com/eu-25/arsenal/schedule/index.html?track[]=exploitation-and-ethical-hacking#ioctl-hammer---parameter-centric-ioctl-fuzzer-for-windows-drivers-48502

k.mohit46

About

Speaking Topics & Expertise

Featured Talks

IOCTL-hammer - Parameter centric IOCTL Fuzzer for Windows Drivers

Connect

Experience Level