Chaofan Shou

5691 Stinson Way, Goleta, CA, 93117

805-284-7138 · Email: scf@acm.org · https://scf.so

Education
UC Santa Barbara 10/2019 - 12/2021
BS in Computer Science
  • GPA: 4.0/4, Dean's Honor x 6, Honor Program Student
  • Led a 3-people CTF (cybersecurity competition) team. Got 6th place at DTCC CTF '20, finalist at CSAW CTF '20, 23rd place at iCTF '20, and 45th place at UIUC CTF '20.
  • Organized and wrote challenges for 3 CTFs (WeCTF '20/'20+/'21). These events have attracted more than 700 teams and been rated as one of the best web security oriented CTFs.

  • Research Experience
    UCSB Verification Lab
  • Led researches related to browser side-channel mitigation bypasses and improved existing browser security policies, including Cross-Origin Read Blocking.
  • Conducted analysis on websites of medical industry and discovered 2 network side-channel vulnerabilities.
  • Working on hybrid fuzzing and implementing a concolic execution scheduler for fuzzers.

  • Shanghai Jiaotong University NSEC Lab
  • Worked on identifying frauds against advertisers among mobile applications using static analysis and fuzzing. Conducted reverse engineering on 107 Android Apps and identified 2 malicious Apps with 1M+ downloads.

  • Publications
  • Chaofan Shou, İsmet Burak Kadron, Qi Su, Tevfik Bultan. "CorbFuzz: Checking Browser Security Policies with Fuzzing." ASE 2021. Available: https://arxiv.org/abs/2109.00398
  • Chaofan Shou. "PorkFuzz: Testing Stateful Software-Defined Network Applications with Property Graphs." ESEC/FSE 2021 SRC. Available: https://dl.acm.org/doi/pdf/10.1145/3468264.3473487
  • İsmet Burak Kadron, Chaofan Shou, Emily O'Mahony, Yılmaz Vural, Tevfik Bultan. "Black-Box Side-Channel Detection and Mitigation for Internet of Things." In review.

  • Work Experience
    Salesforce @ Security Org San Francisco, CA
    Security Engineer 12/2021 - Present
  • Contributed to the internal static analysis system, which is applied to 400+ internal projects and their dependencies, finding 3k+ potential vulnerabilities.

  • Security Engineer Intern 06/2021 - 09/2021
  • Created a distributed and scalable vulnerability scanning API using Pub/Sub model, handling 1M+ targets per second at peak. Deployed using Terraform on 14 AWS environments, including GovCloud.

  • Salesforce @ Marketing Cloud San Francisco, CA
    Software Engineer Intern 06/2020 - 09/2020
  • Worked on an AWS EMR metrics collection library that publishes metrics to internal monitoring frameworks and helped instrument existing Hadoop/Spark jobs with it. This library has located 21 under-provisioned / over-provisioned jobs.

  • Selected Projects
    LibAFL
    Added edge metadata (along with control flow graph) dumping functionality to LLVM passes used by AFL and implemented probabilistic sampling mechanism for testcase scheduling. Currently working on adopting polyhedral path abstraction into concolic testing / hybrid fuzzing mode.

    Facebook OSS
    Contributed structural fuzzing test harness for facebook/yoga (layout engine) and facebook/hermes (JavaScript engine). The harness for facebook/hermes has been used to discover two memory-related vulnerabilities.

    Selected Vulnerability Discoveries
  • CVE-2020-9329: Gogs, a widely used Git platform, has been discovered a race condition vulnerability.
  • CVE-2020-7105: An official Redis client has been discovered a null-pointer-dereferencing vulnerability.
  • CVE-2020-11709: cpp-httplib has been discovered a Header Injection vulnerability.
  • CVS Pharmacy: Discovered an SSRF vulnerability that allows attackers to access the internal network.
  • Netease: Discovered 2 severe XSS & CSRF vulnerabilities that could lead to 1.1 billion accounts takeover.
  • Faria Education Group: Provided information security consulting including security assessment, conducted 2 pentests, and identified 12 severe vulnerabilities.

  • Skills
  • Proficient: Python, PHP, C/C++, JavaScript/NodeJS, Golang, Rust, Vue, SQL
  • Familiar: Bash, Django, Laravel, Kotlin, React, HTML5/*CSS, Assembly, LLVM, OCaml, Substrate, Solidity
  • Working Knowledge: Kubernetes, WebRTC, AWS, Service Mesh, Spinnaker, Hadoop/Spark, Splunk