Offensive Security Engineer — vulnerability research, reverse engineering, exploit development.
I document the full path: from the first wrong hypothesis to the working PoC.
| ID | Severity | Summary |
|---|---|---|
| CVE-2025-55182 | CVSS 10.0 — Critical | RCE in React Server Components via prototype pollution in the Flight protocol. Unauthenticated, single-request, deterministic. |
| CVE-2024-51324 | CVSS 9.5 — Critical | BYOVD via BdApiUtil64.sys. Three undocumented kernel primitives — including one capable of neutralizing an EDR without touching its process. |
| CVE-2021-4034 (PwnKit) | CVSS 7.8 — High | Linux local privilege escalation — full exploit framework. |
MSc Thesis — "Analysis, Management and Exploit Development for N-Day Vulnerabilities and Threats"
Grade: 100/100 · UCAM + Campus Internacional de Ciberseguridad · 2025
Original exploit development beyond existing public PoCs across modern web, Linux kernel, Windows desktop, and Windows kernel drivers. Includes empirical heap spray analysis of CVE-2024-30051 across 50 sessions: 12.9×–19× more deterministic than the theoretical model.
react2shell — Exploit framework for CVE-2025-55182. Vectors: RCE, reverse shell, exfiltration, defacement, shutdown, integrity bypass.
Languages Python · C · JavaScript / TypeScript · PHP
RE Ghidra · WinDbg · BinDiff · x64dbg
Web Burp Suite · Kali Linux
Platforms Windows kernel · Linux kernel · Node.js runtime
deviannt.com · blog.deviannt.com · links.deviannt.com · @devianntsec · me@deviannt.com