Stratascale
Stratascale
Rich Mirch

Rich Mirch

Principal Security Consultant

Rich Mirch currently serves as the Principal Security Consultant for Offensive Security at Stratascale. With a robust career spanning over 19 years in the IT industry, Rich has dedicated the past eight years to mastering offensive security, making significant contributions to the cybersecurity landscape.

In his role, Rich is an integral part of the Cybersecurity Research Unit, where he leads efforts in penetration testing and offensive security development. His work is pivotal in helping organizations identify vulnerabilities and strengthen their security posture against potential threats.

Rich's expertise is underscored by his industry certifications, including the Offensive Security Certified Professional (OSCP) and Offensive Security Wireless Professional (OSWP), which highlight his proficiency and commitment to advancing security practices.

By Rich Mirch

Vulnerability Advisory: Sudo Host Option Elevation of Privilege

Vulnerability Advisory: Sudo Host Option Elevation of Privilege

Jun 30, 2025

Stratascale's Cybersecurity Research Unit (CRU) uncovered a local privilege escalation vulnerability in Sudo (CVE-2025-32462). By exploiting the host option, attackers can gain root access on affected Linux systems. A patch is available, review your systems to stay secure.

Vulnerability Advisory:  Sudo chroot Elevation of Privilege

Vulnerability Advisory: Sudo chroot Elevation of Privilege

Jun 30, 2025

Stratascale’s Cybersecurity Research Unit (CRU) has identified a critical local privilege escalation vulnerability in Sudo (CVE-2025-32463). This flaw, tied to the chroot feature, allows any local unprivileged user to gain root access even without specific Sudo rules. Affected systems should be reviewed immediately to ensure a patched version is installed.

Vulnerability Advisory: Ubuntu Apport Insecure File Permissions

Vulnerability Advisory: Ubuntu Apport Insecure File Permissions

Jun 12, 2025

Stratascale’s Cybersecurity Research Unit (CRU) discovered an information disclosure vulnerability in Ubuntu’s Apport crash reporting system (CVE-2025-5467). Improper file permissions allowed users in the same group to access sensitive crash data. Ubuntu has released a fix, update now to stay secure.

Vulnerability Advisory: Osquery Component Bundled with Microsoft Defender for Endpoint on Linux

Vulnerability Advisory: Osquery Component Bundled with Microsoft Defender for Endpoint on Linux

May 27, 2025

Stratascale's Cybersecurity Research Unit (CRU) discovered a local privilege escalation flaw in Microsoft Defender for Endpoint on Linux (CVE-2025-47161). The Osquery component allowed unprivileged users to gain root access. Microsoft has issued a patch—learn more to stay protected.

Vulnerability Advisory: Microsoft Defender for Endpoint on Linux Elevation of Privilege

Vulnerability Advisory: Microsoft Defender for Endpoint on Linux Elevation of Privilege

May 13, 2025

Stratascale's Cybersecurity Research Unit (CRU) recently discovered an elevation of privilege vulnerability in Microsoft Defender for Endpoint on Linux and disclosed the vulnerability to the Microsoft Security Response Center (MSRC) who assigned it CVE-2025-26684 and released a fix.