Lucid-Duck/README.md

Lucid Duck

Linux kernel debugging. Wireless security research. Finding bugs that weren't supposed to exist.

Upstream Kernel Contributions | devinwittmayer@gmail.com


Security Research (January 2026)

Enterprise Endpoint Protection

  • Reverse engineered proprietary binary IPC protocol to discover quarantine bypass and cloud log injection vulnerabilities in a major security vendor's Linux EDR product. Malware can survive detection indefinitely; audit logs can be poisoned with fabricated paths visible in the cloud admin console. CVSS 7.1-7.3 (High).

Network Monitoring Appliance

  • Discovered local privilege escalation to root RCE in an enterprise network monitoring agent via symlink following + ld.so.preload injection. Any local user achieves persistent root access affecting all process execution system-wide. CVSS 8.8-9.3 (Critical).

Enterprise VPN Infrastructure

  • Vendor licensing restrictions blocked normal operation, so I reverse engineered the entire system from compiled binaries alone—no documentation, no references, no source code. Reconstructed the complete XML profile schema from scratch by tracing code paths through disassembly. Fixed unrelated bugs in the binary just to reach the vulnerable code paths. This pure black-box analysis revealed:
    • Virtual gateway firmware with empty root password and single-character hardcoded credentials. Achieved root shell via GRUB modification; SSH authentication bypass proven. CVSS 9.8 (Critical).
    • Command injection in VPN client route handling—traced user-controlled XML data through snprintf() directly to system() as root via static analysis. CVSS 9.0 (Critical).

IoT/Embedded Systems

  • Unauthenticated D-Bus RCE on network camera firmware. Reverse engineered binary event condition serialization format to trigger arbitrary command execution via user-controllable virtual inputs. Privilege escalation grants hardware GPIO, storage, and messaging access.

Kernel Driver Work

Upstream Patches

Security Research

Blog

  • justthetip.ca — Technical write-ups on driver debugging and security research

What I Do

  • Vulnerability research in enterprise security products (EDR, VPN, network monitoring)
  • Binary reverse engineering without source code or documentation
  • Protocol analysis and proprietary format decoding
  • Root cause analysis in kernel subsystems (mac80211, USB, wireless drivers)
  • Exploit development and proof-of-concept creation
  • Technical writing that gets bugs fixed

Looking For

Remote security research, vulnerability research, or driver development roles.

Contact: devinwittmayer@gmail.com | Vancouver Island, BC | Available immediately

Popular repositories

  1. 8821au-20210708 Public

    Forked from morrownr/8821au-20210708

    RTL8821AU driver — Linux kernel 6.18+ compatible fork.

    C

  2. wifi-pentest-comparisons Public

    WiFi adapter comparisons for penetration testing — chipset analysis and monitor mode support.

  3. tx-resources-flow-control Public

    Linux kernel patch — USB TX resources flow control for wireless drivers.

    Shell

  4. rtw89 Public

    Forked from morrownr/rtw89

    Linux drivers for Realtek Wi-Fi 6/6E and Wi-Fi 7 adapters and cards

    C

  5. Lucid-Duck Public

    Profile README

  6. rtw89-kernel-patch Public archive

    Superseded by tx-resources-flow-control — rtw89 USB TX flow control patch (archived)

    C