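Achievements
Results
Credited with more than 2000 CVEs in total, and winner of the "highest vulnerability bounty in history" from Microsoft, Google and Apple
Champion of the first "Xinchuang Key Product Security Challenge" in 2021
Nominated for the Pwnie Awards 2021 "Epic Achievement Award" and "Best Privilege Escalation Bug Award"
Winner of the Pwnie Awards 2020 "Epic Achievement Award"
Winner of the Pwnie Awards 2019 "Best Privilege Escalation Bug Award"
Overall champion of the Tianfu Cup in 2018, 2019 and 2020
Overall champion of Pwn2Own 2017
Talks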
Put in One Bug and Pop Out More: An Effective Way of Bug Hunting in Chrome Black Hat USA
Typhoon Mangkhut: One-click Remote Universal Root Formed with Two Vulnerabilities Black Hat USA
Wideshears: Investigating and Breaking Widevine on QTEE Black Hat Asia
Binder: Android's Achilles' Heel MOSEC
From Code Execution to Sandbox Escape: A Journey of Chrome Exploitation ISC
The Nailgun Attack Journey on the Google Pixel 4 ISC
Mapping MITRE ATT&CK To Microsoft Exchange Attack ISC
TiYunZong: An Exploit Chain to Remotely Root Modern Android Devices – Pwn Android Phones from 2015 to 2020 Black Hat USA
Take Down MacOS Bluetooth with Zero-click RCE
Three Dark Clouds over the Android Kernel PoC
Binder: The Bridge To Root HITB
A new way to execute shellcode in Android user space MOSEC
Hunting in the Near Field: An Investigation of NFC-related bugs of Android HITCON
Prison Break Season 6: Defeating the Mitigations Adopted by Android OEMs Black Hat Asia
Dissect Android Bluetooth for Fun & Profit CodeBlue
Butterfly Effect and Program Mistake SyScan
Pwn a Nexus device with a single vulnerability CanSecWest
BadKernel – Exploit V8 with typo SyScan
A Technique for Chrome Sandbox Escape on Android MOSEC
Fuzzing Android System Services By Binder Call To Escalate Privilege Black Hat USA