Resume
About me
I am a mobile security researcher employed at STAR LABS SG, focusing primarily on iOS, macOS, and web vulnerability discovery and exploitation. My experience includes the identification and reporting of more than 30 Apple CVEs, as well as successful compromises of macOS and MS Teams. I have achieved targets in the web category of Pwn2Own and obtained the OSCP certificate. I’ve also had the honor of speaking at International conferences like Zer0Con, POC, OffensiveCon, 0x41Con, and HITB Armory. Prior to my current role, I was a member of Alibaba Security Pandora Lab and Qihoo 360 Nirvan Team.
Work Experience
2018-07 - 2019-11 : Intern macOS Security Engineer in Qihoo 360 Nirvan Team
2020-07 - 2022-06 : Senior Security Engineer in Alibaba Security Pandora Lab
2022-07 - present : Mobile Security Researcher in STAR Labs SG Pte. Ltd.
Conference
| Name | Type | Link |
|---|---|---|
| Zer0Con2021 | Online | Three Layers in Apple Driver Bug Hunting: Pwn macOS Big Sur in One Shot |
| POC2022 | Seoul, Korea | The Journey To Hybrid Apple Driver Fuzzing |
| OffensiveCon2023 | Berlin, Germany | Unearthing Vulnerabilities in the Apple Ecosystem: The Art of KidFuzzerV2.0 |
| 0x41Con2023 | Barcelona, Spain | iOS Fuzzing Techniques (Mach BSD IOKit and Firmwares) |
| HITB Phuket Armory 2023 | Phuket, Thailand | KidFuzzer V2 Updated version |
Education
Wuhan NO.6 High School (2013-2016)
Science
South-Central University for Nationalities (2016-2020)
B.S. in Computer Science
Skill List
Programming : C/C++/Objective-C, Kernel(XNU), Web Pentesting, etc
English : IELTS 6.5 (7.5 7.5 5.5 6.0)
APS : Passed with full score in written examination
Swim : 4x50m champion in 2018’s School Sport Day, 50m runner-up in 2019’s School Sport Day
Kyudo : Amateurs for around one year exprerience
Krav Maga : Practitioner level3