David Carliez
Just another Freelance Offensive Security Professional. The posts in this blog are snippets of my work that can be shared publicly.
Find me on
Blog
-
Windows AppResolver LPE: From AppContainer to SYSTEM
Exploit development for a Windows AppResolver authorization issue fixed in July 2026, from a zero-capability AppContainer to an interactive SYSTEM shell.
-
CVE-2026-58635 Exploit Development: From a Braille Table to SYSTEM shell
Exploit development for the Windows Narrator Braille vulnerability, from an unauthenticated BrlAPI parameter write to LocalService execution and an optional SYSTEM shell.
-
CVE-2026-52860: Vim Arbitrary Code Execution
Root cause and exploit primitive for GHSA-65p9-mwwx-7468 / CVE-2026-52860, a Vim Python omni-completion arbitrary code execution bug fixed in 9.2.0597.
-
Finding Gaps in Gemini CLI Security Boundaries
Two rejected Google VRP reports and one design concern from my Gemini CLI testing: a blocked-command bypass, an MCP startup policy bypass, and an MCP permission-scope issue.
Research areas
-
Vulnerability research
Source-guided audits, patch diffing, advisory bypasses, and maintainer-ready proof.
-
AI agent security
CLI sandboxes, MCP/tool permissions, command execution, and browser automation boundaries.
-
Windows LPE
Local privilege escalation research, n-day validation, drivers, services, and abuse primitives.
-
Exploit tooling
Harnesses, fuzzing setups, diff scripts, and reproducible artifacts that turn bugs into proof.