Piotr Bazydło

@chudypb@infosec.exchange
259 Followers
83 Following
75 Posts
Principal Vulnerability Researcher at the watchTowr | Previously: Zero Day Initiative | @chudypb
Infohttps://chudypb.github.io
Piotr BazydłoJun 19
buheratorJun 19
👷 After 15 years of entrepreneurship and a few months of sabbatical I'm looking for a regular old job.

My ideal role would be primarily technical, aimed to dissect software to uncover vulnerabilities. Beyond bug mining I'd love to learn to mine better and make new kinds of pickaxes.

My public works and contact info are on my homepage:

https://scrapco.de

Get in touch if you want to know more!

Boosts are appreciated! #FediHire
Piotr BazydłoJun 17

And domain-level RCE in Veeam B&R fixed today (CVE-2025-23121). My first (and hopefully not last) CVE, where I'm credited together with @codewhitesec 😎

https://www.veeam.com/kb4743

KB4743: Vulnerabilities Resolved in Veeam Backup & Replication 12.3.2

Vulnerabilities Resolved in Veeam Backup & Replication 12.3.2

Veeam Software
Piotr BazydłoJun 17

My Sitecore CMS pre-auth RCE chain blog is public now. Enjoy 🫡

https://labs.watchtowr.com/is-b-for-backdoor-pre-auth-rce-chain-in-sitecore-experience-platform

Is b For Backdoor? Pre-Auth RCE Chain In Sitecore Experience Platform

Welcome to June! We’re back—this time, we're exploring Sitecore’s Experience Platform (XP), demonstrating a pre-auth RCE chain that we reported to Sitecore in February 2025. We’ve spent a bit of time recently looking at CMS’s given the basic fact that they represent attractive targets for

watchTowr Labs
Piotr BazydłoMay 20
Bad Sector LabsMay 19

Certipy 5 (@ly4k_), MobileIron pwnage (@chudypb), new CRTO pricing (@_ZeroPointSec), Volatility 3 parity (@volatility), and more!

https://blog.badsectorlabs.com/last-week-in-security-lwis-2025-05-19.html

Last Week in Security (LWiS) - 2025-05-19

Certipy 5 (@ly4k_), MobileIron pwnage (@chudyPB), new CRTO pricing (@_ZeroPointSec), Volatility 3 parity (@volatility), and more!

Bad Sector Labs Blog
Piotr BazydłoMay 15

I did my first 1daying ride with my friend Sonny. Enjoy🫡

Ivanti EPMM: CVE-2025-4427 and CVE-2025-4428 pre-auth RCE chain.

https://labs.watchtowr.com/expression-payloads-meet-mayhem-cve-2025-4427-and-cve-2025-4428/?123

Expression Payloads Meet Mayhem - Ivanti EPMM Unauth RCE Chain (CVE-2025-4427 and CVE-2025-4428)

Keeping your ears to the ground and eyes wide open for the latest vulnerability news at watchTowr is a given. Despite rummaging through enterprise code looking for 0days on a daily basis, our interest was piqued this week when news of fresh vulnerabilities was announced in a close friend -

watchTowr Labs
Piotr BazydłoMar 29

Some serious question about a larg-scale usage of AI in Vuln Research.

Aren't you afraid of missing some key datails by outsourcing huge tasks to AI? I am.

If you rely on a tool, you're as good as your tool. If AI screws in a huge project, you probably won't even notice that.

Piotr BazydłoMar 25
Bad Sector LabsMar 25

Next.js auth bypass (@zhero___ + @inzo____), ServiceNow for red teamers (@__invictus_), Veeam RCE - again! (@chudypb), ArgFuscator (@wietze), and more!

https://blog.badsectorlabs.com/last-week-in-security-lwis-2025-03-24.html

Last Week in Security (LWiS) - 2025-03-24

Next.js auth bypass (@zhero___ + @inzo____), ServiceNow for red teamers (@__invictus_), Veeam RCE - again! (@chudyPB), ArgFuscator (@Wietze), and more!

Bad Sector Labs Blog
Piotr BazydłoMar 20

It seems that our Veeam CVE-2025-23120 post is live.

I would never do this research without @SinSinology He insisted a lot, thx man. 😅

If you know CVE-2024-40711, this vuln can be patch-diffed and exploit armed in 5 minutes. Unfortunately, it's super simple at this point.

https://labs.watchtowr.com/by-executive-order-we-are-banning-blacklists-domain-level-rce-in-veeam-backup-replication-cve-2025-23120/

By Executive Order, We Are Banning Blacklists - Domain-Level RCE in Veeam Backup & Replication (CVE-2025-23120)

It’s us again! Once again, we hear the collective groans - but we're back and with yet another merciless pwnage of an inspired and clearly comprehensive RCE solution - no, wait, it's another vuln in yet another backup and replication solution.. While we would enjoy a world in which

watchTowr Labs
Piotr BazydłoMar 17

My first watchTowr post is out! It was my first take on a CMS solution and I was able to get some interesting pre-auth RCE chains on Kentico Xperience. 😎

"In today's post, we dive into Kentico's Xperience CMS - highlighting multiple Authentication Bypass vulns chained with a post-auth RCE..."

https://labs.watchtowr.com/bypassing-authentication-like-its-the-90s-pre-auth-rce-chain-s-in-kentico-xperience-cms/

Bypassing Authentication Like It’s The ‘90s - Pre-Auth RCE Chain(s) in Kentico Xperience CMS

I recently joined watchTowr, and it is, therefore, time - time for my first watchTowr Labs blogpost, previously teased in a tweet of a pre-auth RCE chain affecting some ‘unknown software’. Joining the team, I wanted to maintain the trail of destruction left by the watchTowr Labs team, and so

watchTowr Labs
Piotr BazydłoFeb 13

Great news: I got invited to Microsoft Zero Day Quest onsite event.

Bad news: It overlaps with my kid's estimated due date 😅

Happy hacking to all of you who's planning to go to Redmond 😎