Skip to content
View Unrealisedd's full-sized avatar
:shipit:
:shipit:
  • 03:34 (UTC +02:00)

Block or report Unrealisedd

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don’t include any personal information such as legal names or email addresses. Markdown is supported. This note will only be visible to you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
Unrealisedd/README.md

NASA   Ubisoft   British MOD   NSF

HackerOne


I'm a 20-year-old security researcher from the Netherlands, studying IT at Fontys University of Applied Sciences. I find and report vulnerabilities in production systems — from kernel drivers to web applications.

Currently focused on binary exploitation, Windows kernel-level vulnerability research, and expanding my public research archive.


Selected Research   exploitarium

Target Type Impact
Windows Defender NTLM coercion Standard user forces SYSTEM credential leak via UNC path
Windows Defender Signature lock bypass FILE_SHARE_READ locks signatures on patched systems
dam.sys Kernel driver bugs (x3) BSOD + confused deputy + Defender freeze from standard user
OpenVPN (ovpn-dco-win) Kernel UAF CNG key use-after-free in kernel driver
Overwolf Updater LPE to SYSTEM Forged Authenticode cert + insecure service DACL
Safe Exam Browser Auth bypass + RCE Service auth bypass → log injection → RCE as SYSTEM
Discord Desktop RCE Multiple desktop client RCE attack paths
Nextcloud XXE + SSRF File read/SSRF + protection bypass chain
Woodpecker CI Pipeline RCE \r bypass of newline sanitization → YAML injection
spacedesk LPE to SYSTEM Everyone full-control service DACL
LibreNMS SSTI → RCE Template injection to remote code execution chain
RetroArch (libchdr) Heap overflow Integer overflow → OOB write on 32-bit via crafted CHD

"You can't secure what you don't understand."
— Bruce Schneier


GitHub Stats


Support My Work

vanmoorseltim@outlook.com

Popular repositories Loading

  1. exploitarium exploitarium Public

    Forked from bikini/exploitarium

    A single archive of public exploit PoCs and vulnerability research writeups. At the time I post these, none have been reported. Feel free to report them yourself and take credit for the CVE if hand…

    Python 14 2

  2. Methodology Methodology Public

    My methodology for pentesting/hacking

    5 2

  3. BAC-workflow BAC-workflow Public

    workflow for testing broken access control

    4 1

  4. Recon-workflow Recon-workflow Public

    2 1

  5. sqldorker sqldorker Public

    I quickly made a script that uses your google dork request and then tests it with simple sqli payloads, you can edit the payloads used ofcourse.

    Python 1

  6. Unrealisedd Unrealisedd Public

    1