Resume


Profile

A security researcher in STARLABS Singapore who specializes in vulnerability research, N-days analysis, and exploit development. He is proficient across the entire lifecycle of exploit development that includes bug triaging, root cause analysis, reverse engineering, debugging, exploit writing and documentation. Besides his day job, he participates in Capture the Flag (gamified security competition) with his team, Rek4pig during the weekends to sharpen his skillsets and explore other domains of cybersecurity.


Work Experience

STARLabs Singapore

Security Researcher - ( Feb 2020 to Jul 2022 )

    Discovered and exploited a 0-day heap buffer overflow vulnerability on Netgear Router (CVE-2021-27253) that led to remote code execution for a prestigious international competition, Pwn2Own 2020. Involved in end-to-end activities such as firmware dumping, reverse engineering, and exploit development

    Analyzed and researched N-days vulnerabilities across different technologies and bug classes such as Chrome V8 Javascript Engine Bugs (Incorrect Optimizations, Type Confusion, Lack of Bounds Check), Windows Local Privilege Escalations and numerous routers (ASUS, DLINK, etc.)

    Located differences between patched and vulnerable version of binaries via Binary Diffing with Diaphora and Bindiff6

    Triaged vulnerabilities and performing root cause analysis via reverse engineering and/or code auditing (for open-sourced programs)

    Developed exploits for various bug classes and vulnerabilities such as Buffer overflows, Command Injection, SSRF, Type Confusion and Integer Underflow

    Wrote formal and informal(educational) reports for each vulnerability analysis

    Developed a dumb fuzzer that led to the discover of command injection vulnerability, CVE-2021-22204

MWRInfoSecurity/FSecure

Consultant - ( Jul 2019 to Dec 2019 )

    Automated deployment process of an internal tool in AWS via python boto3 API to reduce human errors

    Documented the setup process and architecture of the internal tool for knowledge sharing and reduce duplicative work

    Joined the team in tearing down hardware and dumping of decrypted firmware during the attempt to

    Assisted in vulnerability research for Pwn2Own 2019 television category


Education

Nanyang Technological University Singapore

    Attained a Bachelor’s Degree in Computer Science, specializing in Cyber Security

    Security modules that were taken includes Malware Analysis, Cryptography and Software Security.


Skills

IDA Pro, Ghidra, DnSpy, x64DBG, WinDBG, GDB, experiences in Windows Kernel Debugging, python programming, javascript, C/C++, asm


Community Outreach

    guest speaker for nus greyhats security wednesday – “a case study of an incorrect bitwise and (&) optimization in v8”, 2022 https://www.youtube.com/watch?v=Ihc9WbtruE8

    ASUSWRT URL Processing Stack Buffer Overflow, 2020, https://starlabs.sg/blog/2020/08-asuswrt-url-processing-stack-buffer-overflow/

    Analysis & Exploitation of a Recent TP-Link Archer A7 Vulnerability, 2020, https://starlabs.sg/blog/2020/10-analysis-and-exploitation-of-a-recent-tp-link-archer-a7-vulnerability/


Certification and Training

    Offensive Security Advanced Web Attacks and Exploitation (AWAE), 2021

    Windows Binary Exploitation 32 bits by CORELAN Team, 2019


Achievements

    Pwn2Own Tokyo 2020 – First Entry (Authentication Bypass + Heap Buffer Overflow) https://www.youtube.com/watch?v=gAPeEsJX1xE&t=108s