I love low-level programming and binary exploitation. In my free time, I develop system software such as OS kernels and hypervisors, and enjoy playing CTF (pwn). In my research, I focus on bug finding using static analysis. I share my knowledge on my blog.

Projets

Binary Exploitation 101

The beginner-friendly guide to binary exploitation explains fundamental attack techniques such as Buffer Overflow and ROP (Return-Oriented Programming), with corresponding mitigations like SSP (Stack Smashing Protector) and ASLR (Address Space Layout Randomization) and their bypass. It also covers modern mitigations such as Arm MTE and Intel CET, giving you insights into how programs work and the ideas behind attacks and defenses.

Linux Kernel Exploitation

The blog series about advanced Linux kernel exploitation techniques such as DirtyPageTable and USMA (User Space Mapping Attack), lets you learn modern attack methods used in real-world Linux kernel exploitation through hands-on, CTF-like challenges.

Future Plans

• To gain a deep understanding of CPU side-channel attacks like Meltdown, I plan to develop a RISC-V CPU with branch prediction and speculative execution, and based on that experience, write a blog post about side-channel attacks.
• I plan to learn fuzzing and write a blog post about it, with a particular focus on Linux kernel.
• I also plan to write an article on bug finding using static analysis tools.

To Sponsors

I want to share the knowledge I’ve gained with as many people as possible. Writing blog posts, however, takes a lot of time and effort. If you sponsor me, it would boost my motivation and help me create better content. Support doesn’t have to be financial; simply starring my projects on GitHub or leaving comments is also very encouraging.