I research specific CVEs and vulnerabilities in depth — producing technical write-ups with root cause analysis, working proof-of-concept code, detection signatures, and mitigation guidance. Useful for team training, blog content, environment impact assessment, CTF solutions, and responsible disclosure documentation.
Research deliverables: vulnerability root cause analysis explaining exactly why the code is vulnerable; affected version matrix; CVSS v3.1 breakdown with environmental score guidance; working PoC demonstrating exploitation in a lab environment with step-by-step walkthrough; detection signatures (YARA for file-based detection, Sigma for log-based detection, Suricata/Snort network signatures where applicable); and environment-specific impact analysis.
Exploit development scope: web vulnerabilities (SSRF, RCE, deserialization, XXE, authentication bypass); Linux/Windows privilege escalation CVEs; container escapes; cloud service vulnerabilities; and network protocol vulnerabilities. Complex exploit chains (ASLR bypass, ROP chains, heap grooming) are available for Premium engagements.
I write PoC for educational and authorized research purposes only — not weaponized exploits for use against systems you don't own. For zero-day research, I can assist with responsible disclosure documentation.