Organized and wrote challenges for 3 CTFs (WeCTF '20/'20+/'21). These events have attracted more than 700 teams and have been rated among the best web-security-oriented CTFs.
UCSB Verification Lab
Led research on bypasses of browser side-channel mitigations and improved existing browser security policies, including Cross-Origin Read Blocking.
Analyzed websites in the medical industry and discovered 2 network side-channel vulnerabilities.
Working on hybrid fuzzing and implementing a concolic execution scheduler for fuzzers.
Shanghai Jiaotong University NSEC Lab
Worked on identifying fraud against advertisers in mobile applications using static analysis and fuzzing. Reverse engineered 107 Android apps and identified 2 malicious apps with 1M+ downloads.
Chaofan Shou, İsmet Burak Kadron, Qi Su, Tevfik Bultan. "CorbFuzz: Checking Browser Security Policies with Fuzzing." ASE 2021. Available: https://arxiv.org/abs/2109.00398
İsmet Burak Kadron, Chaofan Shou, Emily O'Mahony, Yılmaz Vural, Tevfik Bultan. "Black-Box Side-Channel Detection and Mitigation for Internet of Things." In review.
Salesforce @ Security Org
San Francisco, CA
12/2021 - Present
Contributed to the internal static analysis system, which is applied to 400+ internal projects and their dependencies, finding 3k+ potential vulnerabilities.
Security Engineer Intern
06/2021 - 09/2021
Created a distributed and scalable vulnerability scanning API using a Pub/Sub model, handling 1M+ targets per second at peak. Deployed it using Terraform on 14 AWS environments, including GovCloud.
Salesforce @ Marketing Cloud
San Francisco, CA
Software Engineer Intern
06/2020 - 09/2020
Worked on an AWS EMR metrics collection library that publishes metrics to internal monitoring frameworks and helped instrument existing Hadoop/Spark jobs with it. This library has located 21 under-provisioned / over-provisioned jobs.
Added edge metadata (along with control flow graph) dumping functionality to the LLVM passes used by AFL and implemented a probabilistic sampling mechanism for testcase scheduling. Currently working on adopting polyhedral path abstraction in concolic testing / hybrid fuzzing mode.
Selected Vulnerability Discoveries
CVE-2020-9329: Discovered a race condition vulnerability in Gogs, a widely used Git platform.
CVE-2020-7105: Discovered a null-pointer-dereference vulnerability in an official Redis client.
CVE-2020-11709: Discovered a header injection vulnerability in cpp-httplib.
CVS Pharmacy: Discovered an SSRF vulnerability that allows attackers to access the internal network.
Netease: Discovered 2 severe XSS & CSRF vulnerabilities that could lead to the takeover of 1.1 billion accounts.
Faria Education Group: Provided information security consulting including security assessment, conducted 2 pentests, and identified 12 severe vulnerabilities.