About Us

Bytrep Advanced Security is a Moroccan cybersecurity platform (toward a society) founded with a strategic technical vision. The platform specializes in offensive engineering and digital defense, providing precise and legal solutions to combat the most serious digital threats of our time. It is fully compliant with international regulations, such as the General Data Protection Regulation (GDPR).

We serve all entities and individuals who respect legal frameworks and ethical cybersecurity principles, offering advanced tools and services within fully licensed environments.

Our Research Department

Bytrep has a cybersecurity research department, led by a cybersecurity engineer known for his efforts in publishing high-impact vulnerabilities and developing advanced exploits. He also makes valuable contributions to security research and prepares important reports.

About Our Engineer

An offensive cyberweapons engineer with over Several years of extensive experience in vulnerability development, kernel exploitation, bypass techniques, and penetration testing.

Combines advanced research, strategic planning, and programming proficiency to build advanced offensive tools and frameworks.

Skills include:

• Developing low-level tools using assembly languages, C, and C++.
• Building tools such as the kernel framework, PacketMist, the Webmin Exploit tool, and Reverse Shell x86.
• Analyzing protocols .
• Creating scanning and obfuscation tools such as advanced LFI scanners, passive spy tools, and ARP spoofing detectors.
• Writing secure, XOR-encrypted attack code for analysis.

GitHub Publications

& Platform bytrep.com

His GitHub account hosts several Proof-of-Concept (PoC) exploits and advanced tools, including but not limited to:

• IBM MQ SSL Protocol Bypass Vulnerability (CVE-2025-36041)
• CVE-2025-2783 Bypass protection in Google Chrome on Windows via Mojo IPC data manipulation
• CVE-2025-6907 SQL injection in Car Rental System v1.0 via /book_car.php using fname
• CVE-2025-6860 Double SQL injection in Best Beauty Salon Management System via fromdate and today
• CVE-2025-5964 Path traversal in M-Files server via improperly sanitized API endpoints
• CVE-2024-4577 Argument injection vulnerability in PHP-CGI on Windows that allows remote command execution
• CVE-2025-39913 UAF in kernel ≤ 6.12.38 linux (psock-cork)
• CVE-2025-11077 SQL Injection in Online Learning Management (add_content.php)
• CVE-2025-39866 use-after-free and race condition in linux kernel 6.12.16
• CVE-2025-59342 Path traversal vulnerability in esm.sh (esm-dev)
• CVE-2025-10046 SQL injection ELEX WooCommerce Google Shopping
• CVE-2025-9090 Command Injection in Tenda AC20 16.03.08.12 (/goform/telnet)
• CVE Analysis : CVE-2025–36041 Deep Dive: IBM MQ Architecture, Exploitation, and Mitigation
• CVE Analysis :CVE-2025-39913: Linux Kernel eBPF SOCKMAP Use-After-Free Vulnerability
• Resesarch : Branch Predictors - ASLR
• Research : AVX-Based Timing Side Channel
..etc

All of these exploits, and many more, are written in C and Assembly and are publicly available on GitHub. They are distributed exclusively. For ethically approved testing, we provide environments with strict documentation and transparency.