Ayushman / D4mianWayne

Exploit Development · Vulnerability Research · Red Teaming

About

I am a security researcher focused on exploit development and vulnerability research on low-level systems. I run PwnFuzz where I publish CVE analyses and exploitation research. Currently working as a pentester and working on my personal research on the side.

Projects

• DiffRays — Binary patch diffing tool for vulnerability research. CVE-based autodiff, decompilation comparison, and a web-based diff viewer.
• WindowsHeapMastery — Windows user-mode heap internals (NT Heap, Segment Heap, LFH) and exploitation techniques on Windows 10/11.
• PwnLand — Exploitation knowledge base with 50+ writeups covering binary exploitation and kernel research.
• cve-pocs — Working proof-of-concept exploits for enterprise CVEs.
• Roppy — Automated ROP chain generation framework.
• BSCP — Cheatsheet, notes and payloads for the Burp Suite Certified Practitioner exam.

CVE Research

• CVE-2025-2263 — Sante PACS Server — stack-based buffer overflow via decryption routine (C, full RE + IDA analysis)
• CVE-2025-2825 — CrushFTP — authentication bypass, logic flaw analysis and exploitation
• CVE-2024-53675 / CVE-2024-53676 — HPE Insight Remote Support — unauthenticated XXE + RCE
• CVE-2024-37397 — Ivanti Endpoint Manager — unauthenticated OOB XXE (.NET)
• CVE-2024-4040 — CrushFTP — server-side template injection leading to RCE

Certifications

OSCP · OSED · CRTO · CRTE · BSCP