$]:/-<!.

&;_{?
$/?}[?/?

Peng
Patrick

Application

Applicational Security

  • Evernote IPC RCE
  • Y-Note Preload RCEs
  • Managebac RTE XSS
  • Government IDOR
  • Gatekeepai IDOR

Binary

Binary Exploitation

  • Tenda ROP RCE
  • Six Overflow CVEs
  • Telegram Reverse
  • MIFARE Reverse
  • First NLP-Pwn

AI/ML

AI/ML Security

  • Transformers RCEs
  • Tensorflow RCE
  • Llamafile RCE
  • Llama-cpp-py RCE
  • Microsoft RCE

Honors

Honors

  • Tencent Talent Program
  • CMU PicoCTF 24 10th
  • National CTF Prices
  • Huntr Monthly 1st
  • Sec-Plat Featured

Automation

Researches / Automation

  • Protosec-Research
  • ChatWithBinary
  • PwnBERT
  • AutoGDB
  • Tree-of-AST

Application

Applicational Security

  • Evernote IPC RCE
  • Y-Note Preload RCEs
  • Managebac RTE XSS
  • Government IDOR
  • Gatekeepai IDOR

Binary

Binary Exploitation

  • Tenda ROP RCE
  • Six Overflow CVEs
  • Telegram Reverse
  • MIFARE Reverse
  • First NLP-Pwn

AI/ML

AI/ML Security

  • Transformers RCEs
  • Tensorflow RCE
  • Llamafile RCE
  • Llama-cpp-py RCE
  • Microsoft RCE

Honors

Honors

  • Tencent Talent Program
  • CMU PicoCTF 24 10th
  • National CTF Prices
  • Huntr Monthly 1st
  • Sec-Plat Featured

Automation

Researches / Automation

  • Protosec-Research
  • ChatWithBinary
  • PwnBERT
  • AutoGDB
  • Tree-of-AST

Application

Applicational Security

  • Evernote IPC RCE
  • Y-Note Preload RCEs
  • Managebac RTE XSS
  • Government IDOR
  • Gatekeepai IDOR

Binary

Binary Exploitation

  • Tenda ROP RCE
  • Six Overflow CVEs
  • Telegram Reverse
  • MIFARE Reverse
  • First NLP-Pwn

AI/ML

AI/ML Security

  • Transformers RCEs
  • Tensorflow RCE
  • Llamafile RCE
  • Llama-cpp-py RCE
  • Microsoft RCE

Honors

Honors

  • Tencent Talent Program
  • CMU PicoCTF 24 10th
  • National CTF Prices
  • Huntr Monthly 1st
  • Sec-Plat Featured

Automation

Researches / Automation

  • Protosec-Research
  • ChatWithBinary
  • PwnBERT
  • AutoGDB
  • Tree-of-AST

Application

Applicational Security

  • Evernote IPC RCE
  • Y-Note Preload RCEs
  • Managebac RTE XSS
  • Government IDOR
  • Gatekeepai IDOR

Binary

Binary Exploitation

  • Tenda ROP RCE
  • Six Overflow CVEs
  • Telegram Reverse
  • MIFARE Reverse
  • First NLP-Pwn

AI/ML

AI/ML Security

  • Transformers RCEs
  • Tensorflow RCE
  • Llamafile RCE
  • Llama-cpp-py RCE
  • Microsoft RCE

Honors

Honors

  • Tencent Talent Program
  • CMU PicoCTF 24 10th
  • National CTF Prices
  • Huntr Monthly 1st
  • Sec-Plat Featured

Automation

Researches / Automation

  • Protosec-Research
  • ChatWithBinary
  • PwnBERT
  • AutoGDB
  • Tree-of-AST
AvatarI am a 15-years-old Threat Intelligence Researcher and Bounty Hunter specializing in the AI/ML and binary fields. In my free time outside of school, I've had the incredible opportunity to identify 22 CVEs, including critical vulnerabilities in state-of-the-art AI/ML projects.
My work includes Remote Code Execution (RCE) vulnerabilities in Transformers, Llama-cpp-python (aka the Llama-Drama RCE), PrivateGPT, PandasAI, and more. Which results direct arbitrary-code execution over an exposed API endpoints, or even loading a seemly harmless model / checkpoint. Through these discoveries, I have earned over $15,000 in bounties, which made me the top-one researcher on the Huntr leaderboard chart :) Beyond AI/ML, I also participate in various Vulnerability Disclosure Programs (VDP) and Bug Bounty Programs (BBP), where my findings have created a significant impact. In the past, I identified and exploited an IDOR vulnerability in a governmental service, which resulted in massive municipal data modification. Additionally, I discovered Cross-Site Scripting (XSS) vulnerabilities that led to Remote Code Execution (RCE) in Evernote and YoudaoNote, allowing arbitrary code execution with just one click on a note. I also uncovered a stored XSS vulnerability in Managebac, enabling the hijacking of high-privileged accounts and GPA modification, which affected over 1,000 schools (including many top-rated IB high schools.) Furthermore, I dedicated over 10 hours per vulnerability to write detailed*, **step-by-step proof-of-concept and discovery-to-exploitation* writeups*, which are hosted on my blog website. My blogs have gained recognition and have been reposted on well-known security platforms such as InfosecWriteups, Checkmarx, Sonatype, Hackread, The Hacker News, MalwareDotNews, Security Week, SecAlerts, and more.*
Patrick Peng © 2024