About
Hi! I'm Xingyu 👋 I currently work as a Senior Security Engineer at Google Android Security for Google Play Protect. I'm passionate about several aspects of cybersecurity, including bug hunting, exploit analysis and detection, exploit development, reverse engineering (e.g. static unpackers, dynamic unpackers against DRM solutions), malware, forensics and software engineering.
Previously, I worked at Palo Alto Networks on Linux honeypots and Windows exploit detection, and I have held internships at Google and Trend Micro. In the past, I also occasionally participated in CTFs with teams such as Vidar, PPP and Straw Hat.
I have been acknowledged by multiple vendors for discovering software vulnerabilities, including Google, Qualcomm, Samsung, Motorola, Oppo, Apple, Imagination Technologies, McAfee and Sangfor.
Blogposts
- Project Zero Blog
  - The quantum state of Linux kernel garbage collection CVE-2021-0920 [Link]
- Project Zero 0-days In-the-Wild Series
  - CVE-2022-22265: Samsung NPU device driver double free in Android [Link]
  - CVE-2021-0920: Android sk_buff use-after-free in Linux [Link]
- Google Security Research
  - Apple: ImageIO memory corruptions [Link]
- Palo Alto Networks Unit42 Blog
  - Malware Used by Rocke Group Evolves to Evade Detection by Cloud Security Products [Link]
  - Xbash Combines Botnet, Ransomware, Coinmining in Worm that Targets Linux and Windows [Link]
  - New Wine in Old Bottle: New Azorult Variant Found in FindMyName Campaign using Fallout Exploit Kit [Link]
  - Web-based Threats-2018 Q3: Malicious URLs and Domains take a Dip [Link]
Conference Talks
- Black Hat Europe 2023
  - Evils in the Sparse Texture Memory: Exploit Kernel Based on Undefined Behaviors of Graphic APIs [Link]
- Black Hat USA 2022
  - Monitoring Surveillance Vendors: A Deep Dive into In-the-Wild Android Full Chains in 2021 [Link]
  - Android Universal Root: Exploiting Mobile GPU / Command Queue Drivers [Link]
- Black Hat Europe 2021
- Hack in the Box Singapore 2021
  - The Art of Exploiting UAF by Ret2bpf in Android Kernel [Link]