• [10/13/2019] OSUSEC placed 25th at HIT CON CTF 2019 Qualifier!
  • [10/09/2019] Our RDP fuzzing work, RDPFuzzing, is accepted and will be presented at Black Hat Europe 2019!
  • [09/25/2019] BlueMaster is accepted and will be presented at Black Hat Europe 2019!
  • [08/11/2019] r00timentary placed 8th at the DEF CON 27 CTF!
  • [08/08/2019] soFrida is presented at DEF CON 27 Demo Labs!
  • [06/14/2019] I am one of the recipients of the 2018–2019 EECS Innovative Teaching Award!
  • [05/22/2019] Our discovery of authenticaion bypass vulnerability in Android Smart Lock has received $3,133.70 bug bounty from Google!
  • [04/12/2019] Our discovery of an information leak vulnerability in Microsoft Remote Desktop Client has received $10,000 bug bounty from HackerOne!
  • [03/24/2019] OSUSEC won the 3rd place award at PRCCDC!
  • [03/10/2019] OSUSEC placed at 7th at UT CTF!
  • [02/23/2019] OSUSEC got the 3rd place at MITRE STEM CTF!
  • [02/01/2019] OSUSEC is featured in Corvallis Gazette-Times. Go Beavs!
  • [01/06/2019] Oregon State University won the NSA Codebreaker Challenge!
  • [01/02/2019] POSUP is published in PoPETS ‘19!
  • [01/01/2019] Happy new year! My story is covered in the Momentum Magazine!


I have been teaching the following courses at Oregon State University (course evaluation score attached, max 6.0):

You can visit my Ratemyprofessor Profile.


October 2017 – Present
Corvallis, Oregon

Assistant Professor

Oregon State University

Teaches hacking (attacks), cybersecurity (defenses), opearting systems (foundations), and many more day-to-day living skills for cyber ninjas.
January 2013 – December 2014
Atlanta, GA

Chief Engineer

Security Axioms

Worked at a research spin-off company during my Ph.D. study.
August 2010 – August 2017
Atlanta, GA

Graduate Research Assistant

Georgia Institute of Technology


Recent Publications

More Publications

. BlueMaster: Bypassing and Fixing Bluetooth-based Proximity Authentication (to appear). BlackHat Europe, 2019.

. Fuzzing and Exploiting Virtual Channels in Microsoft Remote Desktop Protocol for Fun and Profit (to appear). BlackHat Europe, 2019.

. Making Code Re-randomization Practical with MARDU. arXiv, 2019.

. soFrida - Dynamic Analysis Tool for Mobile Apps with Cloud Backend. DEF CON 27 Demo Labs, 2019.

. MultiK: A Framework for Orchestrating Multiple Specialized Kernels. arXiv, 2019.

PDF Project

. Hardware-Supported ORAM in Effect: Practical Oblivious Search and Update on Very Large Dataset. PoPETs, 2019.


Recent & Upcoming Talks