Pages

I hunt for vulnerabilities in open and closed source software. Below is a list for some of my publicly acknowledged vulnerabilities. CVE-2025-47161 - Microsoft Defender Elevation of Privilege Vulnerability Details can be found on my work blog write-up at http://stratascale.com/vulnerability-alert-cve202547161 Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47161 CVE-2025-26684 - Microsoft Defender Elevation of Privilege Vulnerability Details can be found on my work blog write-up at https://www.stratascale.com/vulnerability-alert-cve202526684. Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26684 Media References: https://thehackernews.com/2025/05/microsoft-fixes-78-flaws-5-zero-days.html https://gbhackers.com/microsoft-defender-vulnerability/ https://cybersecuritynews.com/microsoft-defender-vulnerability-allows-attackers/ CVE-2024-53552 CrushFTP - Host Header Injection ...

I enjoy fixing things by breaking things. I have been using and administering UNIX/Linux systems since 1995. In early 2017, I joined a penetration test team specializing in offensive security. In 2019 I moved to the red team. In my personal time, I conduct security research focusing on discovering vulnerabilities in open and closed source software. Visit my research page for a list vulnerabilities. Some of my exploits and tools can be found on at my Github repo https://github.com/mirchr. ...