• [11/30/2019] MOSE has been accepted to CODASPY 20!
  • [10/26/2019] OSUSEC won BSidesPDX CTF!
  • [10/17/2019] OSUSEC and one of my courses at OSU is featured in Newsletter!
  • [10/13/2019] OSUSEC placed 25th at HIT CON CTF 2019 Qualifier!
  • [10/09/2019] Our RDP fuzzing work, RDPFuzzing, is accepted and will be presented at Black Hat Europe 2019!
  • [09/25/2019] BlueMaster is accepted and will be presented at Black Hat Europe 2019!
  • [08/11/2019] r00timentary placed 8th at the DEF CON 27 CTF!
  • [08/08/2019] soFrida is presented at DEF CON 27 Demo Labs!
  • [06/14/2019] I am one of the recipients of the 2018–2019 EECS Innovative Teaching Award!
  • [05/22/2019] Our discovery of authenticaion bypass vulnerability in Android Smart Lock has received $3,133.70 bug bounty from Google!
  • [04/12/2019] Our discovery of an information leak vulnerability in Microsoft Remote Desktop Client has received $10,000 bug bounty from HackerOne!
  • [03/24/2019] OSUSEC won the 3rd place award at PRCCDC!
  • [03/10/2019] OSUSEC placed at 7th at UT CTF!
  • [02/23/2019] OSUSEC got the 3rd place at MITRE STEM CTF!
  • [02/01/2019] OSUSEC is featured in Corvallis Gazette-Times. Go Beavs!
  • [01/06/2019] Oregon State University won the NSA Codebreaker Challenge!
  • [01/02/2019] POSUP is published in PoPETS ‘19!
  • [01/01/2019] Happy new year! My story is covered in the Momentum Magazine!

Recent Publications

More Publications

. BlueMaster: Bypassing and Fixing Bluetooth-based Proximity Authentication. BlackHat Europe, 2019.

PDF Slides

. Fuzzing and Exploiting Virtual Channels in Microsoft Remote Desktop Protocol for Fun and Profit. BlackHat Europe, 2019.


. Making Code Re-randomization Practical with MARDU. arXiv, 2019.

. soFrida - Dynamic Analysis Tool for Mobile Apps with Cloud Backend. DEF CON, 2019.

. Hardware-Supported ORAM in Effect: Practical Oblivious Search and Update on Very Large Dataset. PoPETs, 2019.



I have been teaching the following courses at Oregon State University (median course evaluation score attached, max 6.0):

You can visit my Ratemyprofessor Profile.


I am fortunate to advise the following great students at Oregon State University:

  • Ping-Jui Liao (PhD, Fall 2018 – present)
  • Jinhong Choi (PhD, Spring 2019 – present)
  • Hadi Rahal-Arabi (MS, Winter 2019 – present)
  • Cody Holliday (MS, Fall 2018 – present)
  • Phillip Mestas III (MS, AMP, Spring 2019 – present)
  • Andrew Quach (MS, AMP, Summer 2019 – present)
  • Zander Nead-Work (BS, RELU, Summer 2019 – present)
  • Khuong Luu (BS, Honors College, Spring 2019 – present)
  • Lyell Read (BS, Honors College, Summer 2019 – present)


October 2017 – Present
Corvallis, Oregon

Assistant Professor

Oregon State University

Teaches hacking (attacks), cybersecurity (defenses), opearting systems (foundations), and many more day-to-day living skills for cyber ninjas.
January 2013 – December 2014
Atlanta, GA

Chief Engineer

Security Axioms

Worked at a research spin-off company during my Ph.D. study.
August 2010 – August 2017
Atlanta, GA

Graduate Research Assistant

Georgia Institute of Technology


Recent & Upcoming Talks