azqzazq1/README.md






whoami

handle: azqzazq1

roles:
  - Security Researcher
  - Red Team Engineer
  - Vulnerability Analyst
  - System-Level Security Specialist

focus:
  - Linux / Windows privilege boundaries
  - Offensive security research
  - Cloud & container attack surfaces
  - Root cause analysis & exploit path engineering
  - Coordinated disclosure & CVE research

philosophy:
  - systems are layered trust models
  - assumptions fail before software does
  - observation is not always reality

./featured_research

🧨 CVE-2026-7867 - Coordinated Vulnerability Research

Research conducted on a Linux system component involving authorization logic and privilege boundary handling.

The issue was identified during advanced Red Team and system-level security research and responsibly disclosed to the vendor.

+ Research Area   : Linux Authorization Logic
+ Scope           : Privilege Boundary Analysis
+ Disclosure      : Coordinated with Vendor
+ CVE Status      : Assigned
- Technical Data  : Temporarily Withheld

Full technical analysis and root cause breakdown will be published after coordinated disclosure timelines are completed.


🧊 IceWarp CVE-2025-14500 - Root Cause & Reverse Engineering

World-first technical analysis of IceWarp CVE-2025-14500, including root cause review and exploitation surface mapping.

+ Research Type   : Reverse Engineering
+ Focus           : Exploitation Surface Mapping
+ Output          : Public Technical Analysis
+ Status          : Published

./red_team_research

🔴 eBPF Telemetry Redaction - Kernel-Level Red Team Technique

A Red Team research technique focused on changing what defensive systems believe they observed.

Instead of disabling telemetry or terminating agents, this research explores runtime syscall observation and controlled data transformation using eBPF.

+ Technique   : eBPF Telemetry Redaction
+ Layer       : Syscall Observation Layer
+ Surface     : Security Telemetry Streams
+ Model       : Runtime Data Transformation
+ Principle   : Observation ≠ Reality

NORMAL TELEMETRY FLOW

process → syscall → agent → SIEM → analyst


RESEARCHED ATTACK MODEL

process → syscall → eBPF layer → agent → SIEM
                          └─ selective transformation

Security systems do not directly observe reality. They observe interpreted runtime data streams.


🔴 LID (Linux Integrity Drift)

A Red Team research technique that bypasses AppArmor mandatory access control using eBPF, without disabling it, without modifying it, and without leaving a single audit log entry.

LID attaches a BPF kprobe to the kernel's file-open path and rewrites the filename in user memory before the LSM framework checks it. AppArmor enforces the wrong path. The process reads the protected file.

+ Technique   : eBPF Pre-LSM Pathname Rewriting
+ Layer       : Syscall Argument Manipulation
+ Surface     : LSM Security Decision Input
+ Target      : AppArmor (pathname-based MAC)
+ Audit Trail : Zero - denial never occurs
+ Principle   : The gate was never breached. It was misdirected.

LID + SUNNYDAYBPF - COMBINED ATTACK MODEL

             ┌─── LID rewrites path ───┐
             │                          │
process → syscall → LSM check → VFS → success
                                  │
             ┌── SunnyDayBPF ─────┘
             │
        agent → SIEM → analyst sees nothing

LID bypasses the security gate. SunnyDayBPF blinds the cameras. Combined: ghost access.
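A defender's check for the two eBPF techniques above (telemetry redaction and pre-LSM pathname rewriting), added here as an example and not code from the author or from the SunnyDayBPF/LID projects: mainline eBPF can only write user memory through the bpf_probe_write_user helper, and the kernel logs a warning every time a program using that helper is loaded. The script assumes both techniques rely on that helper, and parses constructed dmesg lines plus a constructed listing in the shape of `bpftool prog show -j` (assumed keys: id, type, name).

```python
import json
import re

# Kernel warning emitted (kernel/trace/bpf_trace.c) whenever a BPF program
# that uses the bpf_probe_write_user helper is loaded. Rewriting a filename
# or a telemetry buffer in user memory from eBPF goes through that helper
# (assumption: the researched tools use it, not an out-of-tree mechanism).
WRITE_USER_RE = re.compile(
    r"(?P<comm>\S+)\[(?P<pid>\d+)\] is installing a program with "
    r"bpf_probe_write_user helper that may corrupt user memory!"
)
# Name fragments suggesting a kprobe sits on the file-open path (heuristic:
# an attacker picks the program name, so treat this as triage, not proof).
OPEN_PATH_HINTS = ("open", "getname", "lsm")

# Constructed sample input, not captured from a real host.
SAMPLE_DMESG = """\
[ 9030.001] systemd[1]: Started EDR agent.
[ 9031.202] lid_loader[4242] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 9031.250] EXT4-fs (sda1): mounted filesystem with ordered data mode.
"""
# Constructed in the shape of `bpftool prog show -j` (assumed keys: id, type, name).
SAMPLE_BPFTOOL = json.dumps([
    {"id": 7, "type": "tracepoint", "name": "edr_exec"},
    {"id": 12, "type": "kprobe", "name": "pre_lsm_open"},
    {"id": 15, "type": "kprobe", "name": "tcp_mon"},
])

def scan_dmesg(text):
    """One finding per loader of a user-memory-writing BPF program."""
    return [{"comm": m["comm"], "pid": int(m["pid"])}
            for m in WRITE_USER_RE.finditer(text)]

def kprobe_programs(bpftool_json):
    """Every loaded kprobe program, flagged when its name hints at the open path."""
    return [{"id": p["id"], "name": p["name"],
             "open_path_hint": any(h in p["name"].lower() for h in OPEN_PATH_HINTS)}
            for p in json.loads(bpftool_json) if p.get("type") == "kprobe"]

def assess(dmesg_text, bpftool_json):
    """Alert when user memory is being written from BPF; list kprobes for triage."""
    writers = scan_dmesg(dmesg_text)
    probes = kprobe_programs(bpftool_json)
    return {"alert": bool(writers), "user_memory_writers": writers, "kprobes": probes}

if __name__ == "__main__":
    print(json.dumps(assess(SAMPLE_DMESG, SAMPLE_BPFTOOL), indent=2))
```

The kernel warning is rate-limited and lives only in the ring buffer, so forward kernel log output to the SIEM continuously rather than relying on a later read of dmesg.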


./projects

βš™οΈ MCP36 PoC

First public PoC research and attack surface validation for MCP36.

+ Type     : Proof of Concept
+ Focus    : Attack Surface Research
+ Status   : Published

πŸ‰ Judozi

Kernel-level privilege escalation research tooling and Linux exploit framework.

+ Type     : Offensive Tooling
+ Focus    : Kernel PrivEsc Research
+ Mode     : Modular Framework

./mission

Research offensive security from the system boundary.

Not only how to exploit a bug,
but why the design allowed the bug to become exploitable.

Not only how telemetry is collected,
but why defenders trust what they observe.

contact

github: https://github.com/azqzazq1
blog:   https://mileniumsec.com

Popular repositories

  1. SunnyDayBPF (Public, Python)
     SunnyDayBPF: eBPF-based post-syscall user-buffer telemetry deception research by Azizcan Daştan

  2. judozi (Public, Go)
     Automatic Linux Local PrivEsc Tool

  3. hi (Public, HTML)

  4. Pentest-Tips (Public)
     Hello Everyone. This is my github account where I share the test scenarios I came across. The names of the companies will not be shared unless I receive permission.

  5. open-webui (Public, Svelte), forked from open-webui/open-webui
     User-friendly WebUI for LLMs (Formerly Ollama WebUI)

  6. Full-Security-Arch (Public)