BSides Canberra 2025

Session: 09-26, 11:30, 55min

Breaking COMposure: Journey to Hunting Windows COM Vulnerabilities
ByungHyun Kang

Windows COM (Component Object Model) is an essential yet complex part of the OS, responsible for enabling interprocess communication. While well-documented on the surface, COM's internal behaviors still hide attack surfaces that many researchers have left underexplored.

In this talk, I will take you through my personal journey of discovering a pre-authentication COM vulnerability in Windows. Starting from understanding COM internals and how to reach their stubs directly, then fuzzing them using harnesses built on kAFL and WTF, I'll show the steps that led to a successful vulnerability discovery.

I'll also briefly examine previous COM-related CVEs and prior research, what patterns they share, and how I used those lessons in my own approach. Finally, I will present the technical root cause of the vulnerability I found (Case-88235, CVE-2025-29841), followed by a demo of how it could be exploited in a pre-auth scenario.

This talk is intended for vulnerability researchers, reverse engineers, and Windows security enthusiasts interested in novel pre-auth attack vectors and practical bug-hunting methodology.

Off-Main Track