Lucid Duck

Vulnerability research and Linux kernel development

Lucid Duck • Selbstständig

Dec 2024 - Present • 1 yr 5 mos

Black-box vulnerability research and Linux kernel development. 5 critical/high findings (CVSS 7.1-9.8) across enterprise products. All work done without source code or vendor documentation. VULNERABILITY RESEARCH: Enterprise VPN Infrastructure: Command injection → root shell (CVSS 9.8) Weaponized legitimate VPN client into exploit delivery by chaining misconfigurations Built rogue IKEv2 servers (StrongSwan) to safely validate exploits prior to disclosure IoT & Embedded Devices: D-Bus authentication bypass in security cameras (CVSS 8.8) Privilege escalation via world-writable Unix socket in endpoint protection software (CVSS 7.1) Firmware extraction and analysis on ARM and x86 embedded Linux platforms Protocol Reverse Engineering: Reconstructed Cap’n Proto IPC protocols from stripped binaries Decoded proprietary XML schemas and binary serialization formats Built custom Python fuzzers to test encrypted message parsers Database Exploitation: SQL injection achieving xp_cmdshell-level system compromise Error-based extraction techniques against Windows SQL Server All findings disclosed via direct vendor contact or Bugcrowd with CVSS scoring, CWE classification, working PoCs, and remediation guidance. LINUX KERNEL DEVELOPMENT: Wireless driver patches submitted to linux-wireless (rtw89, mt76): Fixed TX flow-control bug causing ~200× packet loss in USB drivers Identified race condition in URB completion callbacks and implemented atomic fix Debugged mac80211 TX power reporting issues Patches under maintainer review by Realtek and MediaTek engineers Tools: Ghidra, IDA, GDB, ftrace, Wireshark, Burp Suite, Python, StrongSwan