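Achievements Showcase

Results

More than 2000 CVEs obtained in total, and the “highest vulnerability bounty in history” from each of Microsoft, Google and Apple

Nominated for the Pwnie Awards 2021 “Epic Achievement” and “Best Privilege Escalation Bug” awards

Won the Pwnie Awards 2020 “Epic Achievement” award

Won the Pwnie Awards 2019 “Best Privilege Escalation Bug” award

Overall champion of the Tianfu Cup 2018, 2019 and 2020

Overall champion of Pwn2Own 2017

Talks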

Put in One Bug and Pop Out More: An Effective Way of Bug Hunting in Chrome Black Hat USA

Typhoon Mangkhut: One-click Remote Universal Root Formed with Two Vulnerabilities Black Hat USA

Wideshears: Investigating and Breaking Widevine on QTEE Black Hat Asia

Binder: Android's Achilles' Heel MOSEC

From Code Execution to Sandbox Escape: A Journey of Chrome Exploitation ISC

A Nail Gun Attack Journey on Google Pixel 4 ISC

Mapping MITRE ATT&CK To Microsoft Exchange Attack ISC

TiYunZong: An Exploit Chain to Remotely Root Modern Android Devices – Pwn Android Phones from 2015 to 2020 Black Hat USA

Take Down MacOS Bluetooth with Zero-click RCE

Three Dark Clouds over the Android Kernel PoC

Binder: The Bridge To Root HITB

A new way to execute shellcode in Android user space MOSEC

Hunting in the Near Field: An Investigation of NFC-related bugs of Android HITCON

Pwning “the toughest target”: the exploit chain of winning the largest bug bounty in the history of ASR program DefCon26

Prison Break Season 6: Defeating the Mitigations Adopted by Android OEMs Black Hat Asia

Dissect Android Bluetooth for Fun & Profit CodeBlue

Butterfly Effect and Program Mistake SyScan

Pwn a Nexus device with a single vulnerability CanSecWest

BadKernel – Exploit V8 with typo SyScan

A Technique for Escaping the Chrome Sandbox on Android MOSEC

Fuzzing Android System Services By Binder Call To Escalate Privilege Black Hat USA