Publications

C. Shou, I.B. Kadron, Q. Su, T. Bultan, CorbFuzz: Checking Browser Policy with Fuzzing (Accepted to ASE 2021) Preprint
C. Shou, PorkFuzz: Testing Stateful Software-Defined Network Applications with Property Graphs (Accepted to ESEC/FSE 2021 SRC) Paper
Some other papers... (In Review)

Work Experience

Security Engineer Intern @ Salesforce Security Org (June-Sept 2021)
Software Engineer Intern @ Salesforce Marketing Cloud (June-Sept 2020)

Projects

DAudit: DAudit provides Ops team an easier interface to evaluate risks in configuration of databases and big data toolkits. (https://github.com/shouc/daudit)

Sexpert: A wordpress plugin for handling Q&A in a CRM way. (Demo: http://sexinfoonline.com/ Code: https://github.com/shouc/sexpert)

Bug Trophy Case

Software:

chromium/chromium: security policy bypass reports
gogs/gogs: bug report CVE-2020-9329
redis/hiredis: bug report CVE-2020-7105
yhirose/cpp-httplib: bug report CVE-2020-11709
gin-gonic/gin: bug report

Blockchain:

Polygon Edge: multiple DoS allowing 51% attacks
Helium Network: multiple DoS and PoC manipulation

DeFi:
Contact me for details

Failed Startups

IBKiller / Zwang Inc.

Description: IBKiller is a web platform for highschool students to share notes and videos, as well as practicing exam-style questions. The DAUs have once reached 800+.
Failed Reason: Focus too much on technical aspect / Product not resistant to policy changes
Stack used: Golang, Vue.js, MySQL, WebRTC, Redis, ELK, Kubernetes (GKE), Laravel(PHP), MySQL, AWS
$ Invested: > 50,000
Time Invested: 2 years

Screen Shot 2020-11-14 at 9.01.08 PM

Screen Shot 2020-11-14 at 9.01.25 PM

Crawl.sh

Description: Crawl.sh is a crawler synthesis tool for people who don't know programming. User could synthesize a crawler that bypasses anti-crawler mechanism just by clicking a few buttons. The crawler created can then be run on hundreds of nodes in the cluster.
Failed Reason: No customer / Can't find marketing guy
Stack used: Python, Selenium, Vue.js, Celery, Tensorflow
$ Invested: > 3,000
Time Invested: > 6 months

Twoquick

Description: Something not that legal
Failed Reason: No user / Become illegal
Stack used: Golang, Istio, React
$ Invested: about 0

Coursework

DPLL: A SAT solver implementation in Racket. (https://github.com/shouc/cs292c-hw3)

Ternary search tree: Binary search tree but each node has three children. (https://github.com/shouc/cs130a-proj1)

TCP & Reliable UDP: Implemented TCP and reliable UDP (adding ACK) server & client that support multithreading in C. (https://github.com/shouc/cs176a-proj1)

CFG to CNF: Convert context free grammar to chomsky normal form. (https://github.com/shouc/cfg_to_cnf)