Offensive security and vulnerability research — from application-level code to the kernel — with coordinated disclosure, reverse engineering, and fuzzing.
Software Engineering student & IT Support Intern @ FIAP (São Paulo)
I run Caustic — an independent security research lab. Vulnerability research and coordinated disclosure, from application code to kernel and firmware.
- CVE-2025-61155 — co-credited researcher (with Gabriel Maciel Ramos and Gabriel
Gomes). Access-control flaw in a signed Windows kernel-mode driver (Hotta Studio,
GameDriverX64.sys): an unprivileged IOCTL reachesZwTerminateProcessin kernel context, allowing termination of arbitrary processes including protected security services (BYOVD / EDR-killer class). NVD: CWE-400 / CVSS 5.5. Subsequently weaponized in the wild by Interlock ransomware and documented by FortiGuard Labs and CyberPress.
- CRTA — Certified Red Team Analyst (CyberWarFare Labs)
- NPP — Novo Pentest Profissional (Desec Security)
- Caustic — https://github.com/causticsec
- LinkedIn — https://www.linkedin.com/in/anthony-sforzin/