Chaofan Shou

805-284-7138 · Email: scf@acm.org · https://scf.so

Education
UC Santa Barbara 10/2019 - 12/2021
BS in Computer Science
  • GPA: 4.0/4, Dean's Honor x 6, Honor Program Student
  • Led a three-person CTF (cybersecurity competition) team. Got 6th place at DTCC CTF '20, finalist at CSAW CTF '20, 23rd place at iCTF '20, and 45th place at UIUC CTF '20.
  • Organized and wrote challenges for 3 CTFs (WeCTF '20/'20+/'21). These events have attracted more than 700 teams and have been rated among the best web-security-oriented CTFs.

Research Experience
UCSB Verification Lab
  • Led research on browser side-channel mitigation bypasses and improved existing browser security policies, including Cross-Origin Read Blocking.
  • Conducted analysis of websites in the medical industry and discovered 2 network side-channel vulnerabilities.
  • Working on hybrid fuzzing and implementing a concolic execution scheduler for fuzzers.

Shanghai Jiaotong University NSEC Lab
  • Worked on identifying fraud against advertisers in mobile applications using static analysis and fuzzing. Reverse engineered 107 Android apps and identified 2 malicious apps with 1M+ downloads.

Publications
  • Chaofan Shou, İsmet Burak Kadron, Qi Su, Tevfik Bultan. "CorbFuzz: Checking Browser Security Policies with Fuzzing." ASE 2021. Available: https://arxiv.org/abs/2109.00398
  • Chaofan Shou. "PorkFuzz: Testing Stateful Software-Defined Network Applications with Property Graphs." ESEC/FSE 2021 SRC. Available: https://dl.acm.org/doi/pdf/10.1145/3468264.3473487
  • İsmet Burak Kadron, Chaofan Shou, Emily O'Mahony, Yılmaz Vural, Tevfik Bultan. "Black-Box Side-Channel Detection and Mitigation for Internet of Things." In review.

Work Experience
Salesforce @ Security Org, San Francisco, CA
Security Engineer 12/2021 - Present
  • Contributed to the internal static analysis system, which is applied to 400+ internal projects and their dependencies, finding 3k+ potential vulnerabilities.

Security Engineer Intern 06/2021 - 09/2021
  • Created a distributed and scalable vulnerability scanning API using a Pub/Sub model, handling 1M+ targets per second at peak. Deployed using Terraform on 14 AWS environments, including GovCloud.

Salesforce @ Marketing Cloud, San Francisco, CA
Software Engineer Intern 06/2020 - 09/2020
  • Worked on an AWS EMR metrics collection library that publishes metrics to internal monitoring frameworks and helped instrument existing Hadoop/Spark jobs with it. This library has located 21 under-provisioned / over-provisioned jobs.

Selected Projects
LibAFL
Added edge metadata (along with control flow graph) dumping functionality to the LLVM passes used by AFL and implemented a probabilistic sampling mechanism for testcase scheduling. Currently working on adopting polyhedral path abstraction into the concolic testing / hybrid fuzzing mode.

Facebook OSS
Contributed structural fuzzing test harnesses for facebook/yoga (layout engine) and facebook/hermes (JavaScript engine). The harness for facebook/hermes has been used to discover two memory-related vulnerabilities.

Selected Vulnerability Discoveries
  • CVE-2020-9329: Discovered a race condition vulnerability in Gogs, a widely used Git platform.
  • CVE-2020-7105: Discovered a null-pointer-dereference vulnerability in an official Redis client.
  • CVE-2020-11709: Discovered a header injection vulnerability in cpp-httplib.
  • CVS Pharmacy: Discovered an SSRF vulnerability that allowed attackers to access the internal network.
  • Netease: Discovered 2 severe XSS & CSRF vulnerabilities that could have led to the takeover of 1.1 billion accounts.
  • Faria Education Group: Provided information security consulting, including security assessment, conducted 2 pentests, and identified 12 severe vulnerabilities.

Skills
  • Proficient: Python, PHP, C/C++, JavaScript/NodeJS, Golang, Rust, Vue, SQL
  • Familiar: Bash, Django, Laravel, Kotlin, React, HTML5/*CSS, Assembly, LLVM, OCaml, Substrate, Solidity
  • Working Knowledge: Kubernetes, WebRTC, AWS, Service Mesh, Spinnaker, Hadoop/Spark, Splunk