Skip to content
View sys0xFF's full-sized avatar

Highlights

  • Pro

Block or report sys0xFF

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don’t include any personal information such as legal names or email addresses. Markdown is supported. This note will only be visible to you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
sys0xFF/README.md

banner

Anthony Sforzin

Engenheiro de software e pesquisador de segurança ofensiva. Desenvolvimento full-stack e pesquisa de vulnerabilidade com disclosure coordenado, do código de aplicação ao kernel.

São Paulo, Brasil · Engenharia de Software @ FIAP

Trabalho

  • Desenvolvimento full-stack e backend: Java, TypeScript, Python, C++.
  • Pesquisa de vulnerabilidade, engenharia reversa e pentest.

Destaques

  • CVE-2025-61155 — pesquisador co-creditado (com Gabriel Maciel Ramos e Gabriel Gomes). Falha de controle de acesso em driver de kernel assinado no Windows (GameDriverX64.sys): um IOCTL sem privilégio alcança ZwTerminateProcess em contexto de kernel, permitindo encerrar processos arbitrários, inclusive serviços de segurança protegidos (classe BYOVD / EDR-killer). CWE-400 · CVSS 5.5.
  • pagewright — skill para o Claude Code que gera landing pages a partir de um brief de uma linha. Python.
  • Caustic — projeto pessoal de pesquisa de segurança: política de disclosure de 90 dias, contato PGP, advisories públicos.

Certificações

  • CRTA — Certified Red Team Analyst (CyberWarFare Labs)
  • NPP — Novo Pentest Profissional (Desec Security)

Stack

Java · TypeScript · Python · C++

Contato

Popular repositories Loading

  1. pagewright pagewright Public

    Design-grade SaaS landing pages, generated, not templated. A Claude Code skill.

    Python

  2. anglis anglis Public

    Anglis — reposicionamento de marca, landing page e demo de plataforma. Consultoria para o FIAP NEXT.

    JavaScript

  3. sys0xFF sys0xFF Public

    GitHub profile

  4. tc-pr-scope-poc tc-pr-scope-poc Public

    Forked from n4sh7/tc-pr-scope-poc

    Authorized Mozilla bug-bounty PoC (F-6 Taskcluster PR trust boundary)

  5. CVE-2025-61155 CVE-2025-61155 Public

    CVE-2025-61155 — arbitrary process termination in GameDriverX64.sys (Tower of Fantasy anti-cheat). Original IDA Pro teardown, PoC, YARA, IOCs, mitigation.

    YARA