Contributions
Conference Talks & Public Sharing
CanSecWest 2024 · Death by a thousand cuts
- Link: https://www.secwest.net/presentations-2024/death-by-a-thousand-cuts-compromising-automotive-systems-via-vulnerability-chains
- Abstract: A case study on the “remote control chain” of connected cars, showing attack-surface modeling, vulnerability chaining across phone/vehicle/cloud, and contactless control verification.
- Slides: Download PDF
View inline
KCon 2023 · Bluetooth Low Energy Hacking: From Digital Escape to Physical World
- Link: https://mp.weixin.qq.com/s/QuvNyZ4gQLQeKNy3Yahp_Q
- Abstract: Real-world cases including Tesla BLE relay, car lock cracking, and POS scanner payment hijacking, mapping BLE security risks and attack/defense paths across protocol layers.
- Slides: Download PDF
View inline
HITBSecConf 2023 · The Tragedy of Bluetooth Low Energy
- Link: https://conference.hitb.org/hitbsecconf2023hkt/session/the-tragedy-of-bluetooth-low-energy/
- Abstract: Bluetooth Low Energy (BLE) security.
- Slides: Download PDF
View inline
Technical Notes
Two Birds with One Stone — A Guide to Exploiting Qualcomm GPU KGSL Driver Bugs
- Abstract: Personal notes on the root cause and exploitation of Qualcomm KGSL driver vulnerabilities.
- Slides: Download PDF
- Related: CVE-2024-23380 article
View inline
Vulnerabilities & Acknowledgements
- MediaTek: CVE-2024-20081, CVE-2025-20693, CVE-2025-20694, CVE-2025-20695, CVE-2025-20746, CVE-2025-20747, CVE-2025-20765
- D-Link: CVE-2022-48107, CVE-2022-48108, CVE-2023-25279, CVE-2023-25280, CVE-2023-25281, CVE-2023-25282, CVE-2023-25283
- Huawei: CVE-2022-33735
- Uniview: CNVD-2022-47150
- NVDB: NVDB-CAVD-2023448820 (automotive)
- Meta: Bug Bounty Hall of Fame 2024 (Meta Quest)
Competitions & Awards
- Tianfu Cup 2021: vulnerability reproduction contest, cracking success
- Butian Cup 2022/2023: payment hijack, BLE lock cracking, dashcam compromise — cracking success awards
- GeekCon 2023: “How long to steal a NEV” — success, video: b23.tv/eUJckxA
- GeekCon 2024: “Infiltrator in the Conference” — winner, video: b23.tv/cW3QvyT
- SkyNet Cup (IoV track): 3rd place 2024, 2nd place 2025
- Xiaomi Young Engineer RSU Incentive Program 2024