Thomas Garnier is a Senior Security Engineer in the Trustworthy Computing Group at Microsoft. He is an enthusiast vulnerability researcher focused on network security and Windows. Before joining Microsoft, he reported multiple MSRC cases mainly in the win32k driver. After joining, he worked on building mitigations and identifying design vulnerabilities. He is the co-author of Sysinternals Sysmon with Mark Russinovich.
Sysinternals Sysmon: http://technet.microsoft.com/en-us/sysinternals/dn798348
Uninformed article on win32k privilege escalation: http://www.uninformed.org/?v=10&a=2@mxatone