Gabriel Rodrigues de Oliveira

I am a researcher and penetration tester at https://hakaisecurity.io/ I have one year of experience in the offensive security field. CPTS certified. My friends call me “Texugo” because one of them once said I look like one.

Who protect the defender?

In SIEM/XDR architectures, the Master is the king and the agents obey. But what happens when the hierarchy is reversed?
In this talk, we will dissect CVE-2026-25769, a critical Insecure Deserialization vulnerability in Wazuh that allows a compromised Worker to achieve remote code execution on the Master. We will analyze the impact of this vulnerability from an APT perspective and walk through the entire vulnerability discovery process.