Pages

I enjoy fixing things by breaking things. I have been using and administering UNIX/Linux systems since 1995. In early 2017, I joined a penetration test team specializing in offensive security. In 2019 I moved to the red team. In 2020 I moved into consulting conducting a wide range of penetration testing services (External, Inernal, Web, Mobile, Wi-Fi, Social Engineering). In 2025, I transitioned formally into a security research role, while continuing to dedicate part of my time to offensive security assessments. ...

I hunt for vulnerabilities in open and closed source software. Below are a list for some of my publicly acknowledged vulnerabilities. CVE-2025-32463 - Sudo chroot Elevation of Privilege Details can be found on my work blog at https://stratascale.com/vulnerability-alert-CVE-2025-32463-sudo-chroot PoC Mirror: https://github.com/mirchr/CVE-2025-32463-sudo-chwoot/ Vendor Advisory: https://www.sudo.ws/security/advisories/chroot_bug/ Media References: https://thehackernews.com/2025/07/critical-sudo-vulnerabilities-let-local.html https://www.helpnetsecurity.com/2025/07/01/sudo-local-privilege-escalation-vulnerabilities-fixed-cve-2025-32462-cve-2025-32463/ https://cybersecuritynews.com/linux-sudo-chroot-vulnerability/ https://cybernews.com/security/critical-linux-sudo-flaw-discovered/ https://cyberpress.org/12-year-old-sudo-vulnerability/ https://www.infosecurity-magazine.com/news/linux-users-urged-to-patch/ https://gbhackers.com/12-year-old-sudo-vulnerability/ https://www.redhotcyber.com/en/post/linux-pwned-privilege-escalation-on-sudo-in-5-seconds-hackerhood-tests-the-cve-2025-32463-exploit/ https://thecyberwire.com/newsletters/daily-briefing/14/126 CVE-2025-32462 - Sudo Host Option Elevation of Privilege Details can be found on my work blog at https://stratascale.com/vulnerability-alert-CVE-2025-32462-sudo-host ...