6 years of research experience in cyberspace security, research areas include web security, mobile security, IoT security, wireless security. Currently working at the Tencent Security Platform Department, mainly engaged in research on Internet of Things security and has discovered several serious security vulnerabilities in Alibaba, Alipay, Huawei, Lenovo, Baidu, Xiaomi and other companies .

 

1. Presentation Slides

《Hacking Intelligent Building : Pwning KNX & ZigBee Networks》- HITB AMS 2018 https://conference.hitb.org/hitbsecconf2018ams/sessions/hacking-intelligent-buildings-pwning-knx-zigbee-networks/

《Hybrid App Security : Attack and Defense》- POC 2017 http://www.powerofcommunity.net/poc2017/huiyu.pdf

 

2. CVE list

CVE-2016-2355 http://dotcms.com/security/SI-35

CVE-2016-4782 https://support.lenovo.com/us/zh/product_security/len_6421

CVE-2016-4783 https://support.lenovo.com/us/zh/product_security/len_6421

CVE-2016-9272 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9272

CVE-2017-2699 http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20170222-01-theme-cn

CVE-2017-2728 http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20170323-01-smartphone-cn

 

3. Pwn experience

Remote attack smart oven in GeekPwn 2015 http://hof.geekpwn.org/en/index.html

 

4. Articles

《 Unlock More Postures : Mobile Phone Screen Lock Security 》 https://security.tencent.com/index.php/blog/msg/118

《 Mobile Application Vulnerabilities Automated Detection Platform Construction 》 https://security.tencent.com/index.php/blog/msg/109

 

5. Contact me

Email: droidsec.cn#gmail.com

Twitter: https://twitter.com/DroidSec_cn

Github: https://github.com/droidsec-cn

Linkedin: https://www.linkedin.com/in/droidsec/