Computer Engineering graduate (Univ. of Murcia) and Cybersecurity Engineer with 5 years of professional experience, 10+ in total and mostly self-taught. I build and run security projects for mid-size and large companies, and support the SOC through forensics and incident response. On my own time I hunt bugs, reverse binaries and write offensive tooling. Curiosity is the core of it: the kid who took his toys apart now takes software apart instead.
TeamViewer Kernel Driver LPE CVE-2024-7479 / 7481. User-to-kernel privilege escalation: an unprivileged user could load an arbitrary, attacker-controlled kernel driver on Windows. Found and responsibly disclosed through ZDI (ZDI-24-1289 / 1290).
PoC · Finding TeamViewer 0days I · Finding TeamViewer 0days II · Finding TeamViewer 0days III
FortiOS Symlink Persistence Bypass CVE-2025-68686. A symlink-based persistence patch bypass in FortiOS that lets an attacker keep access across the affected configuration boundary, with a checker tool.
CashDro Payment Device Compromise CVE-2026-8077 / 8076. From no auth to full admin on a cash-management device, then extracting money using the same box that is used to deposit it.
Summar Employee Portal SQL Injection CVE-2025-40677. Authenticated SQLi in Summar's Employee Portal (< 3.98.0) giving full read/write access to the backend MSSQL database.
FortiGate VPN-SSL Honeypot. A Dockerised deception honeypot that mimics FortiGate VPN-SSL devices, traps brute-force attempts, detects deliberately exfiltrated credentials for counter-intelligence, and reports malicious activity to threat-intel feeds (VirusTotal, OTX, AbuseIPDB).
WhatAboutSAM. A custom Windows SAM dumper that reads credentials either directly from the registry (which requires SYSTEM) or, with only local administrator rights, from a Shadow Snapshot, so no SYSTEM privileges are needed.
secretsdump: Shadow Snapshot via WMI Impacket PR #1719. A registry-independent credential-dump method merged into Impacket: create a Shadow Snapshot on the remote host over WMI, then pull SAM, SYSTEM and SECURITY over SMB for offline analysis.
Detect Remote Shadow Snapshot Dump. The blue-team counterpart: a PoC that uses Event Tracing for Windows (WMI and SMB-Client providers) to detect remote SAM/SYSTEM/SECURITY theft via shadow snapshots, with no code execution on the victim.
LaborOfficeFree Weak MySQL Root Password CVE-2024-1346. The bundled MySQL root password in LaborOfficeFree 19.10 can be calculated deterministically, granting full access to the database.
prevent_pth_gpo. A PowerShell script that automates GPO creation to harden Windows Active Directory against lateral-movement and pass-the-hash techniques.
© Peter Gabaldon Julia · Murcia, Spain