- Target
- OpenAI ChatGPT — Agent Mode
- Vector
- Indirect prompt injection
- Impact
- Arbitrary command execution on the sandboxed agent VM
I build LLM-powered agents that break production AI systems — remote code execution in OpenAI ChatGPT Agent Mode, Meta's Manus, and more — and turn what I find into CVEs, patents, and shipped defenses.
Offensive research on the AI systems millions of people use — remote code execution and sandbox escapes. Every card links to the public writeup.
Original offensive research — a novel Linux page-cache code-corruption technique, an IE11 browser 0-day, and a Google-VRP web bug. (The kernel CVEs were discovered by others; the exploitation work here is mine.)
My novel exploitation technique for the Copy Fail kernel bug: instead of corrupting data files, write shellcode into libc's exit() through the shared page cache so every exiting process runs it — one-shot root, no disk modification.
Analysis and verified exploitation of the Fragnesia / Dirty-Frag page-cache-write LPE class, including a portable live-code-corruption variant that applies the Copy Fail technique to the ESP/RxRPC sinks.
A three-part series: a custom browser fuzzing framework (StateFuzzer), advanced Chrome/IE11 heap-exploitation techniques, and full IE11 use-after-free 0-day exploit development.
Stored cross-site scripting in Google's OSV.dev vulnerability database, reported through the Google Vulnerability Reward Program.
Vulnerabilities I reported that received CVE IDs — from Adobe Acrobat RCEs (Unit 42) to AI-infrastructure advisories (Aurascape). Every ID links to its NVD or GitHub-advisory page.
Filed patents on LLM-driven security (assignee: Palo Alto Networks) — one granted. Each links to Google Patents.
Frontier-AI attack research at AuraLabs and enterprise threat intel at Unit 42 — plus a Black Hat Asia briefing. All links go to the public articles.
Public repositories — security tooling, crawlers, and utilities.
A static white-box audit skill spanning 9 languages and 55+ vulnerability types, chaining findings into exploitable attack paths.
Fetches web content past anti-bot protections, extracts the meaningful body, and generates AI summaries via pluggable LLM providers.
Impersonates virtual DHT nodes to harvest torrent infohashes at high speed — KRPC/bencode over multiple UDP listeners.
Fetches 10,000+ proxies from 7 sources, validates concurrently, and exports in tool-ready formats — CLI, FastAPI service, and web UI.
Collects and scans proxies from across the internet, stores them in MongoDB, and exposes an API to fetch live proxies.
Full-stack web apps I've designed and shipped — all live, all linked.
A hand-built arcade of dependency-free browser games — 2048, chess, solitaire, minesweeper, and 100+ more.
Turns any portrait into a compliant passport photo — AI background removal, print sheets, Stripe checkout, 5 languages.
An open-source archive of first-hand materials from history's most impactful builders — 186 events, 302 cited sources.
Drag in .epub files and read — books, progress, and theme persist entirely in-browser via IndexedDB; nothing uploaded.
A complete web Gomoku game shipped as a single self-contained HTML file, styled as a glowing cyberpunk board.
Distills four classic sales books into notes, scripts, and a 12-week learning path.
71 posts since 2014 — kernel pwn, CTFs, bug bounty, and reverse engineering.