I am a second-year student majoring in Computer Science at UC Santa Barbara. I have both research and industrial experience in modern application security and data science. I am now open for job opportunities where I can apply my skills.
Education
UC Santa Barbara
BS in Computer Science
Expected to graduate at Jan, 2022
Related courses: OS, Automata, Network, Binary Security
Worked on an AWS EMR metrics collection library that publishes metrics to internal monitoring frameworks and helped instrumenting exisiting Hadoop/Spark jobs with it.
Analyzed metrics from 127 Spark clusters and located 21 under-provisioned / over-provisioned jobs.
Created dashboards on Grafana & Splunk to provide detailed information regarding Spark job optimization.
Located and patched a race-condition issue in Redshift metrics collection library that caused failures over AWS data pipelines.
Rewrote Redshift SQL of a daily-executed data pipeline to support a specific change in logic.
DAudit provides Ops team an easier interface to evaluate risks in configuration of databases and big data toolkits.
Stack Used: Python, MySQL, Redis, ELK, Hadoop, Spark, MongoDB
Relier is a meetup App for adventurers and teenagers. I have coded both iOS & Android Apps and a distributed
backend that features a scalable matching algorithm based on kNN.
Stack Used: Golang, WebRTC, GKE, React Native, Swift, Kotlin, Spark Stack, HBase, gRPC.
IBKiller is a web platform for highschool students to share notes and videos, as well as practicing exam-style questions.
The DAUs have once reached 800+. I prototyped the website with Laravel then refactored it to microservices and splitted frontend and backend.
This leads to 92.8% reduction in average response time and 21.4% reduction in server load.
cpp-httplib client has been discovered a Header Injection vulnerability, which allows attackers to conduct code execution on users of websites built on this library.
An official Redis client that is deployed to millions of servers has been discovered a null-pointer-dereferencing vulnerability, which allows attackers to conduct denial-of-service attack easily.
[Undisclosed] This vulnerability allows attackers to visit CVS internal network, which has potential to leak users (patients) personal information.
Competitions
CTF (Capture the Flags)
Cybersecurity Competitions
I usually work on CTFs with two of my classmates who are both undergraduates. Our team is called by7ch. I mainly take care of challenges related to web applications and forensic.
- Ranked 23rd globally and 3rd among US teams.
- Ranked 6th as a team and first individually.
- Ranked 45th globally and 7th among US teams.
- Ranked 53rd globally and 6th among US teams.
- Ranked 78th globally and 6th among US teams.
- Ranked 86th globally and 14th among US teams.
- I am the lead organizer, DevOps engineer, and author of the challenges. The event has attracted more than 700 teams from all over the world and been rated as one of the best web security oriented CTFs. Reviews from participants
Research Experience
UCSB VLab
10/2019 - Present
Conducted analysis on websites of medical industry and discovered 2 side-channel vulnerabilities with the team, which lead to leakage of users' medical data and credentials.
Created a large computing cluster to conduct real-world side channel quantification, leading to 90%+ reduction in experiment time.
Created large benchmarks to evaluate the robustness of side channel evaluation tools.