Biography
Currently, I am pursuing a PhD in computer engineering at Boston University. I work as a member of SecLaBU under the direction of Professor Manuel Egele. My research interests span a wide range of topics in system and web security with a particular focus on vulnerability detection as well as exploit mitigation techniques. Currently, I am focusing on developing novel techniques to detect injection vulnerabilities (e.g., insecure deserialization and cross-site scripting) in web applications. In addition, I am collaborating with Stony Brook University on developing a symbolic execution engine for the PHP interpreter.
In addition, I actively discover software vulnerabilities in open-source projects and report them to the developers. I have reported several insecure deserialization (PHAR deserialization) vulnerabilities in web applications such as WordPress and its plugins. MITRE has assigned CVE-2022-2433, CVE-2022-2434, CVE-2022-2436, CVE-2022-2437, CVE-2022-2438, CVE-2022-2439, CVE-2022-2440, CVE-2022-2441, CVE-2022-2442, CVE-2022-2444, and CVE-2022-2446 to my reports.
