Piotr Bazydło (@chudyPB) / X

Piotr Bazydło

1,039 posts

Piotr Bazydło

@chudyPB

Principal Vulnerability Researcher at watchTowr | Previously: Zero Day Initiative | @[email protected]

Joined October 2017

Pinned
Piotr Bazydło
@chudyPB
Jun 4, 2024
My OffensiveCon 2024 talk about Exchange PowerShell Remoting is available. Includes a chain of 3 vulns to RCE (file write + file read + DLL load).
39K
Piotr Bazydło
@chudyPB
Dec 22, 2022
I gave myself a Christmas gift 🎅
62K
Piotr Bazydło
@chudyPB
Nov 6, 2023
Recording of my Hexacon talk "Exploiting Hardened .NET Deserialization: New Exploitation Ideas and Abuse of Insecure Serialization" is available! Talk: youtu.be/_CJmUh0_uOM?si… White paper: github.com/thezdi/present… I hope you will find it useful 🙂
35K
Piotr Bazydło
@chudyPB
Jan 7, 2025
I'm happy to announce that I have recently joined @watchtowrcyber as a Principal Vulnerability Researcher. The break is over, it's time to do some new research 🫡
21K
Piotr Bazydło
@chudyPB
Sep 19, 2024
Blog about my @PwnieAwards nominated Exchange RCE gadget chain dropped: 1) File Write to drop DLL to unknown directory and leak this path to log file. 2) File Read to leak write location from the log file. 3) Local DLL loading gadget -> RCE It was a fun process 🥲
TrendAI Zero Day Initiative
@thezdi
Sep 19, 2024
In part 3 of his series on exploiting #Exchange #Powershell after ProxyNotShell, ZDI researcher @chudyPB chains 3 bugs that lead to RCE, mainly by abusing the single-argument constructor conversions. Read the details at zerodayinitiative.com/blog/2024/9/18…
43K
Piotr Bazydło
@chudyPB
Jan 28, 2025
I had a blast during my first month at @watchtowrcyber :)
13K
Piotr Bazydło
@chudyPB
Nov 21, 2024
My WarCon slides about Ivanti Avalanche are public! I tried to do some mapping of the attack-surface, show the new auth mechanism and present some research ideas (things I didn't try). It also shows my first-ever fuzzing and memory corruption experience😆
presentations/2024_WarCon/Avalanche_WarCon24.pdf at main · thezdi/presentations
From github.com
11K
Piotr Bazydło
@chudyPB
Jul 24, 2024
My Exchange RCE chain presented during @offensive_con has been nominated for the Best RCE Pwnie. Quite a nice surprise 🙂
13K
Piotr Bazydło
@chudyPB
May 4, 2022
I am excited to announce my new position - Vulnerability Researcher at Trend Micro Zero Day Initiative @thezdi. I can't wait to have my hands busy with tons of research.😎
Piotr Bazydło
@chudyPB
Dec 20, 2024
After amazing (almost) 3 years, this is my last day at @thezdi. Huge thanks to the entire team, it was an honour to work with you folks! New challenges and adventures are starting in 2025 :) PS. Watch out for the ZDI blog, as several of my posts should appear there in 2025.
6.5K
Piotr Bazydło
@chudyPB
Jun 13, 2023
My second Exchange RCE got patched! I hope to disclose some details in a near future. msrc.microsoft.com/update-guide/e…
19K
Piotr Bazydło
@chudyPB
Aug 16, 2023
As Ivanti Avalanche is making news, a quick reminder about my research. It gave me about 10 pre-auth RCEs, HQL injection and other bugs. Pre-auth vector was very interesting and you can find details in two parts: zerodayinitiative.com/blog/2022/7/19… zerodayinitiative.com/blog/2022/9/7/…
zerodayinitiative.com
Zero Day Initiative — Riding the InfoRail to Exploit Ivanti Avalanche
Back in 2021, I stumbled upon a proof of concept describing an arbitrary file read vulnerability in the Ivanti Avalanche mobile device management tool. As I was not aware of this product, I decided...
20K
Piotr Bazydło
@chudyPB
Feb 19, 2024
I'm shocked - my research was ranked as 2nd best web research of 2023. Thanks for the votes and congratulations to the rest of researchers!
PortSwigger Research
@PortSwiggerRes
Feb 19, 2024
The results are in! We're proud to announce the Top 10 Web Hacking Techniques of 2023! portswigger.net/research/top-1…
16K
Piotr Bazydło
@chudyPB
Nov 1, 2022
My bypass of security controls in Apache Batik. Leads to the SSRF and even RCE during the SVG parsing. Payloads included. Reason: Java jar:// URI returns null host🙃
TrendAI Zero Day Initiative
@thezdi
Oct 31, 2022
Use #Apache #Batik? Check out this latest blog from @chudyPB showing how versions below 1.15 and 1.16 can be abused for SSRF or RCE. zerodayinitiative.com/blog/2022/10/2…
00:00