Hello! My name is Matt Suiche. I am the founder of OnDB Inc., a data infrastructure startup for the agentic economy. I recently discussed cyberwar in the age of AI, Iran’s cyber capabilities, and how AI is reshaping hacking on Bloomberg’s Odd Lots and the National Security Lab podcast.
Previously, I co-founded CloudVolumes (acquired by VMware in 2014) and Comae Technologies (acquired by Magnet Forensics in 2022), where I later served as Head of Detection Engineering. I also founded the cybersecurity community project OPCDE.
My path into technology started in reverse engineering as a teenager, and has since spanned memory forensics, operating systems, virtualization, blockchain, and now AI infrastructure.
Latest
This is the last part of a 3-part series on Bob and Alice in Kernel-land. You can find Part 1 here and Part 2 here.
CrowdStrike’s podcast “Adversary Universe Podcast” just released a new episode entitled “The Kernel’s Essential Role in Cybersecurity Defense” featuring Adam Myers with Alex Ionescu, who is the original architect of the CrowdStrike Falcon kernel agent and is also known for co-authoring the “Windows Internals” book and for being among the most knowledgeable people when it comes to understanding how the Windows (or any other OS, tbh) kernel works.
It’s been a month since I wrote Part 1 of “Bob and Alice in Kernel-land”. As expected, we saw minimal constructive feedback from vendors, with a few notable exceptions. Sophos provided the most detailed information about their drivers, while CrowdStrike offered valuable insights into their kernel architecture, including the use of Microsoft’s Winsock Kernel (WSK) for file transfer. This feature, introduced in Windows Vista and later versions, was designed to replace the outdated Transport Driver Interface (TDI). It’s reasonable to assume that the existence of this capability has significantly contributed to more operations being moved to kernel mode, as leveraging TDI without compromising stability posed considerable challenges.
Over the past decade, several cyber incidents have shed light on how SWIFT operates between institutions. In 2017, I covered the vulnerabilities with PASSFREELY and the JEEPLEA SIGINT operations revealed in TheShadowBrokers leaks. Additionally, the 2016 Bangladesh Central Bank Heist, orchestrated by North Korea, offered valuable insights into the workings of international inter-bank SWIFT messaging.
Since then, financial messaging standards have undergone significant changes. Legacy standards like ISO 15022 and ISO 8583 are being phased out in favor of ISO 20022. At the same time, new competing standards have emerged, particularly from Russia’s SPFS, India’s Unified Payments Interface, and China’s CIPS. Additionally, Central Bank Digital Currency (CBDC) initiatives have been launched, and smart contract-based centralized stablecoins like USDC, USDT, and BUSD now include features like the ability to freeze transactions.