0daytrace/README.md
┌─────────────────────────────────────────────────────────────────┐
│  whoami                                                         │
│  > Independent vulnerability researcher · Pakistan             │
│  > Specialization: Memory corruption · Firmware · Embedded      │
│  > Disclosure model: 90-day responsible · CVE author           │
│  > Status: Open to consulting · Research collaboration          │
└─────────────────────────────────────────────────────────────────┘

0x00 — Threat Model

I hunt bugs at the intersection of C/C++ memory safety, embedded firmware, and RTOS attack surfaces — the layer most researchers skip. My work targets real-world impact: RCE chains, privilege escalation, and trust boundary violations in hardware-adjacent code.

  • Core specialties: Heap/stack corruption · Integer overflows · Path traversal chains · Firmware reverse engineering · Vulnerability chaining
  • Target surfaces: Embedded Linux · RTOS (RT-Thread, Zephyr, FreeRTOS) · IoT firmware · Native libraries · SDK attack surfaces
  • Methodology: Static + dynamic analysis · PoC-first · Coordinated disclosure with full write-up

0x01 — CVE Portfolio

| Advisory | Target | Class | CVSS | Status |
|---|---|---|---|---|
| GHSA-pv8c-p6jf-3fpp | sipeed/picoclaw | RCE Chain (23 findings) | 10.0 Critical | ✅ Patched · May 2026 |
| INTEL-1NV2EPZP | Intel linux-sgx SDK | Integer Overflow | | Disclosed |
| INTEL-EQF6ERMM | Intel cve-bin-tool | Path Traversal Bypass | | Disclosed |
| MSRC-101655 | Microsoft | Under Embargo | | 🔒 Active |
| MSRC-101664 | Microsoft | Under Embargo | | 🔒 Active |
| MSRC-107435 | Microsoft | Under Embargo | | 🔒 Active |

All disclosures follow 90-day coordinated timelines aligned with Google Project Zero standards.


0x02 — Active Research

current_targets = [
    "Embedded RTOS surfaces (RT-Thread · Zephyr · FreeRTOS)",
    "Native library heap internals (LevelDB · RocksDB · SQLite)",
    "Firmware supply chain integrity",
    "SDK / toolchain attack surfaces",
]

programs = ["Google OSS VRP", "MSRC", "Intel/Intigriti", "ZDI (pipeline)"]

0x03 — Stack

Languages: C · C++ · Python · Assembly · Bash

Tooling: GDB · Ghidra · Binwalk · QEMU · AddressSanitizer · Valgrind


0x04 — Stats


0x05 — Principles

[!] No PoC, no report.
[!] Vendor silence past 90 days triggers coordinated public disclosure.
[!] Severity is what the attacker can do — not what the vendor wants to hear.
[!] The best bug report is one the engineer can act on in 10 minutes.

0x06 — Contact

Email · LinkedIn

Open to: Security consulting · Firmware audit engagements · Coordinated research partnerships

