I'm a 20-year-old security researcher from the Netherlands, studying IT at Fontys University of Applied Sciences. I find and report vulnerabilities in production systems — from kernel drivers to web applications.
Currently focused on binary exploitation, Windows kernel-level vulnerability research, and expanding my public research archive.
| Target | Type | Impact |
|---|---|---|
| Windows Defender | NTLM coercion | Standard user forces SYSTEM credential leak via UNC path |
| Windows Defender | Signature lock bypass | FILE_SHARE_READ locks signatures on patched systems |
| dam.sys | Kernel driver bugs (x3) | BSOD + confused deputy + Defender freeze from standard user |
| OpenVPN (ovpn-dco-win) | Kernel UAF | CNG key use-after-free in kernel driver |
| Overwolf Updater | LPE to SYSTEM | Forged Authenticode cert + insecure service DACL |
| Safe Exam Browser | Auth bypass + RCE | Service auth bypass → log injection → RCE as SYSTEM |
| Discord Desktop | RCE | Multiple desktop client RCE attack paths |
| Nextcloud | XXE + SSRF | File read/SSRF + protection bypass chain |
| Woodpecker CI | Pipeline RCE | \r bypass of newline sanitization → YAML injection |
| spacedesk | LPE to SYSTEM | Everyone full-control service DACL |
| LibreNMS | SSTI → RCE | Template injection to remote code execution chain |
| RetroArch (libchdr) | Heap overflow | Integer overflow → OOB write on 32-bit via crafted CHD |
"You can't secure what you don't understand."
— Bruce Schneier

