Jul 2025 – Aug 2025 · 1 mo

• Crack MCP Authorization Stuffs

Jan 2025 – Aug 2025 · 7 mos · Baltimore, Maryland, United States · On-site

• Advised by Dr. Yinzhi Cao and mentored by Zhengyu Liu. Conducted advanced research on language security and AI system security, focusing on emerging threats in modern programming language ecosystems, LLM-integrated applications and AI agent frameworks. This work has resulted in 20+ CVEs impacting widely used open-source projects (RCE, XSS, Data Exfiltration, Auth Bypass, DoS), including those maintained by Microsoft, Google, Meta, Ant Group, Hugging Face, and other major vendors.
• The produced paper was accepted by IEEE S&P 2026 with all positive reviews.

Sep 2024 – Jan 2025 · 4 mos · Baltimore, Maryland, United States · On-site

• Software Vulnerability Analysis (EN.650.660)
• Designed and developed concrete homework5 lab binary for students. The binary is vulnerable to heap overflow and unlink vulnerability. By chaining the exploitation of heap overflow, unlink arbitrary write, GOT entry overwrite and ROP chain creation, students are able to pwn the binary to invoke a shell.
• The program is DEP enabled but combined with these attack techniques, students can hijack the control flow to get shell.

May 2024 – Aug 2024 · 3 mos · Palo Alto, California, United States · On-site

• Led four offensive research projects on OAuth 2.0 and OpenID Connect flaws (misimplementation, misconfiguration, misadoption, misintegration), uncovering 600+ critical vulnerabilities enabling token hijacking, account takeovers, data exfiltration, and 2FA bypass across CRM, HR, and financial SaaS platforms.
• Authored 3 in-depth research blogs on identity threats, cited by industry analysts, driving vendor remediation and bounty rewards; amplified Obsidian’s reputation as a leader in identity threat detection.
• Developed an automated toolkit for detecting OAuth 2.0/OpenID Connect vulnerabilities across SaaS platforms, streamlining end-to-end testing and rapid identification of misconfigurations and token leakage vectors.

May 2021 – Dec 2021 · 7 mos · Shanghai · On-site

• Developed and optimized 800+ IDS detection rules to identify network/web attacks, hacking tool fingerprints,
• and advanced threats (e.g., C2 beacons, lateral movement), improving detection accuracy by 200%.
• pplied threat intelligence and behavioral analysis to enhance rule efficacy against evasion techniques (e.g.,
• obfuscation, protocol tunneling).

Dec 2020 – May 2021 · 5 mos · Hang Zhou · On-site

• Performed security assessments (web/mobile apps, infrastructure) for 35+ clients from varied sectors (e.g.,
• finance, healthcare, e-commerce), uncovering 100+ critical vulnerabilities (OWASP Top 10, CVSS ≥7.0).
• Delivered actionable remediation plans that reduced clients’ attack surface by 60% on average, while
• developing custom exploit scripts to demonstrate business impact.