I am a software security researcher, with expertise in hypervisors, Windows, Unix-based systems, and XNU(macOS and iOS) you can find some of my old exploits I have written in here and here

Some vulnerabilities I’ve reported include an intriguing story behind them. for example CVE-2016-0040, which you can read in Microsoft’s blog post

and story of a vulnerability collision with in the wild exploits in the CVE-2022-22587(iOS/macOS kernel memory corruption), media and news coverages:

I also became one of the MSRC’s 2020 Most Valuable Security Researchers( ranked #40)

CVE Description Source
CVE-2016-0087 Windows kernel Privilege escalation Vulnerability - Type Confusion GitHub Link, Microsoft Security Blog
CVE-2016-0040 Windows kernel Privilege escalation Vulnerability - Uninitialized pointer GitHub Link, Microsoft Security Blog
CVE-2016-7627 A null pointer dereference in iOS/OSX  
CVE-2017-0167 Microsoft Windows Kernel Information Disclosure Vulnerability, bypassing ASLR Microsoft Security Blog
CVE-2019-1250 Microsoft Jet Database Engine Remote Code Execution Vulnerabilities Microsoft Security Blog
CVE-2020-0992 Microsoft Jet Database Engine Remote Code Execution Vulnerabilities Microsoft Security Blog
CVE-2020-1008 Microsoft Jet Database Engine Remote Code Execution Vulnerabilities Microsoft Security Blog
CVE-2020-0889 Microsoft Jet Database Engine Remote Code Execution Vulnerabilities Microsoft Security Blog
CVE-2020-0634 Microsoft Windows CLFS Use-After-Free Privilege Escalation Vulnerability Zero Day Initiative Advisory
CVE-2020-0961 Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability Zero Day Initiative Advisory
CVE-2020-17395 Parallels Desktop integer underflow VM escape Vulnerability Zero Day Initiative Advisory
CVE-2022-34890 Local attackers disclose sensitive information on Parallels Desktop Zero Day Initiative Advisory
CVE-2022-22587 iOS kernel Memory Corruption. Impact: Arbitrary code execution with kernel privileges Apple Support
CVE-2023-32384 Buffer overflow in iOS ImageIO. Impact: Arbitrary code execution Apple Support
CVE-2023-23519   Apple Support
CVE-2023-32372 Out-of-bounds read in iOS ImageIO. Apple Support
CVE-2023-27929 Out-of-bounds read in iOS ImageIO. Apple Support
CVE-2023-27948 Out-of-bounds read addressed with improved input validation. Apple Support
CVE-2023-27947 Out-of-bounds read addressed with improved input validation. Apple Support
CVE-2023-21643 Qualcomm Security Bulletins Security Bulletin
CVE-2023-21651 Qualcomm Security Bulletins Security Bulletin
CVE-2023-42899 Processing an image may lead to arbitrary code execution in iOS, MacOS Apple Support
CVE-2023-42865 Processing an image may lead to arbitrary code execution in iOS, MacOS Apple Support
CVE-2023-42862 Processing an image may lead to arbitrary code execution in iOS, MacOS Apple Support
CVE-2024-23264 An application may be able to read restricted memory in iOS, MacOS Apple Support
CVE-2024-27804 iOS kernel Memory Corruption. Impact: Arbitrary code execution with kernel privileges Apple Support
CVE-2024-39463 Linux Kernel Memory Corruption. Impact: Arbitrary code execution with kernel privileges Linux kernel
CVE-2024-27802 iOS/macOS Impact: Processing a maliciously crafted file may lead to arbitrary code execution Apple Support