About Ibai
Ibai Castells is a Senior Hive Member and Red Team specialist at CovertSwarm, where he leads capability development in advanced Windows exploitation, malware research, and offensive AI. Since joining the Swarm in September 2023, he’s become a recognized authority in cutting-edge offensive security research: the kind that uncovers what traditional testing misses.
His work speaks for itself. Ibai developed the first public exploit for BadSuccessor, a critical privilege escalation vulnerability in Windows Server 2025’s dMSA implementation that earned coverage in The Hacker News. His research on Remote Procedure Call (RPC) vulnerabilities also demonstrates how sophisticated attack chains bypass modern defenses. This work is documented on his personal blog, which breaks down EDR bypass methods, syscall manipulation, and post-exploitation tradecraft for the offensive security community.
At CovertSwarm, Ibai doesn’t just execute attacks: he builds the capabilities that power them. His work spans Windows environments, custom malware development, social engineering, and web application security. He’s pioneering offensive AI research that’s reshaping how continuous attack methodologies adapt in real time against modern defenses.
His credentials reflect hands-on expertise across multiple offensive domains: OSCP, CRTO, CRTL, and MSAB XRY – not just certifications, but proof of capability.
When he’s not breaking systems or developing next-generation offensive tools, Ibai can be found traveling, surfing, or playing guitar. The same creative, adversarial mindset applies everywhere.
RESEARCH & PUBLICATIONS
Ibai’s research pushes offensive security forward. He has been featured in industry publications:
- “Critical Windows Server 2025 DMSA Vulnerability” – The Hacker News, May 2025
- “Researching Remote Procedure Call (RPC) Vulnerabilities” – Pentest Ltd Labs
For ongoing technical research covering EDR bypasses, malware development, and Windows exploitation, visit kreep.in or follow him on GitHub.
SPEAKING & COMMUNITY ENGAGEMENT
Ibai shares his research with the offensive security community through conferences, webinars, and podcasts:
Upcoming Presentations
- NCSC Research Demos (March 12, 2026)
  Research presentation at the UK National Cyber Security Centre
Recent Appearances
- DEFCON 33 – Red Team Village (August 8-10, 2025)
  “ModuleOverride – Changing a Tyre Whilst Driving”
  Co-presented with Alessandro Grisa
- CovertSwarm AI Security Webinar (October 2025)
  “Protect Your AI from Prompt Injection Attacks”
  Panel with James Dale and Pablo Sánchez Llopis
- YOU DESERVE TO BE HACKED Podcast – Season 2, Episode 4
  “Words as Weapons: The Psychology and Social Engineering”