PwnFuzz Research Lab

Advanced exploitation techniques, reverse engineering insights, and cutting-edge security research. From zero-day discovery to sophisticated exploit development.

Latest Research

In-depth technical analysis, vulnerability research, and exploit development insights.

This blog post contains a thorough analysis of Server Side Template Injection vulnerability in a commercial Managed File Transfer product named CrushFTP. Exploit script is available. The post covers the vulnerability, exploitation, and the underlying custom templating engine that led to the issue, with code and analysis.

D4mianwayne
Read More

This post analyzes the authentication bypass vulnerability in CrushFTP, including patch diffing, code analysis, and exploit methodology. It details the affected versions, the patch, and the logic flaw that allowed unauthenticated access, with code snippets and step-by-step breakdown.

D4mianwayne
Read More

This post explores two critical vulnerabilities in HPE Insight Remote Support: an unauthenticated XXE and a remote code execution flaw. It covers the technical details, exploitation process, and provides proof-of-concept code and analysis for both vulnerabilities.

D4mianwayne
Read More

Featured Projects

Open-source tools, exploit frameworks, and research utilities for the security community.

POCs

By D4mianWayne
Active

Collection of proof‑of‑concept exploits for various CVEs and vulnerabilities.

Various (likely Python, C, etc.)PoC Repository
Updated: September 2024

PwnLand

By D4mianWayne
Active

Pwning notes: tutorials, examples & challenge solutions for binary exploitation.

PythonExploit/CTF Repository
Updated: April 30 2025

Patch Tuesday

By Nikhil John Thomas (@ghostbyt3)
Active

A Python script to fetch, analyze, and report on Microsoft Security Updates (Patch Tuesday releases) from the MSRC API.

PythonSecurity Tool
Updated: Recent