1. I got my first computer when I was 11; I had nothing to do with "computers" before then (the furthest I can go back is the "Scratch" GUI programming). I always wanted to become an actor or just anyone funny back then (Robert JR was my favorite; I was thinking of changing my name to Stark back then), never thought computers were cool at all.

    1. Because I really liked watching TV shows, I watched this one called Mr. Robot back then (I also played a game called Watch Dogs on the PS4 my mom sent me as a birthday gift a bit before, which planted the seed of the idea that hackers are cool?)
    2. Where this mixture of emotions turned into actions or tangibles is when I started to get into another game - Hacknet, a game where you can actually play with UNIX commands to "hack" - it was a simple and a bit unserious game, but it actually let me feel not that distanced from the word "hackers"
    3. And I have to give credit to this random dude. I remember once at our primary school graduation our teacher asked us what we want to become when we're older (for those cheesy graduation pictures), and he said he wants to become a hacker (and when he said it everyone appeared to be neither scared nor impressed) - and I was like, okay, I know how to hack from this game, which pushed me a bit further into it.
  2. So I started out with the basics, with the commands and stuff I learnt from that game Hacknet - I learnt later that most commands from that game don't work in real life - I started out playing what most people start out playing - Metasploit, Aircrack, and stuff like that, by reading these random but popular posts online about hacking;

    1. Playing with devices like the USB Rubber Ducky, these cool-looking hacking devices from shows (literally), playing around with them for a bit since they can do really cool things - I remember my wish was to get an entire Hak5 tool set, but no way I was getting it, it's too expensive
    2. This was also when I started writing. Probably since everything I learnt was by reading these cool writeups on these little niche personal blogs, it came to me intuitively that it's the way to share the things I am really passionate about with people (classmates around me had barely heard of Python) - so I set up my own blog - it was called blog.johnw1ck.com back then (for "wick", instead of the letter I it's the number one). I was writing about things I spent a bit of time researching and figuring out, and for some reason I loved writing and explaining how these "magical hacks" work under the hood. It wasn't anything complex at all, but it was just something I loved to write about. (I would also write about lock picking, even though I had no idea how to actually do it.)
      1. probably because of how much they puzzled me and that sense of epiphany when you figure something out (now that I realize it)
  3. Figured my way to CTFs (Capture the Flag), where I was approached with a more systematic epistemological system of hacking; there were branches beneath: web (application security, lots of tricks), pwn (binary exploitation, very low-level and based on how computers work internally)

    1. all the instructors (from these free video resources online) said pwn is very much hard and takes an extreme amount of time to get into: learn the fundamentals, figure out all the program execution systems (university course level) with tons of abstractions and things I had no chance of hearing anything about at all in my life
      1. but for some reason I chose pwn, the hard way. This is really uncommon for me to do; it's like the first time in my life I chose the one that appears harder, quite impossible since I knew nothing about computers at all before then - and I am the type of kid that would assume I was born with ADHD, no persistence, and can't settle on anything, without a doubt - this sounds like something in a movie, it's a really weird decision, but I chose to stick with pwn.
      2. Looking back from now, it might be because of how these terms, the exploitation methodology from pwn, just seemed so far away, just like when you're introduced to quantum mechanics for the first time. But that distance, with that sense of logic behind it, probably just seemed subconsciously attractive to me.
  4. So I just got into it. It was so hard for me to understand back then, to a point where it became painful (the pain under abstractions - like learning something "new" at a degree that seems like an isolated space, like learning calculus when you barely know how addition works (I didn't even know how to code in Python back then; I learnt it from writing exploits) - the concept you're learning is based on the previous concepts, and the previous one is something you have no clue about and never heard of before and sounds like it's generated from thin air) - but, just like unfolding a paper crane, that sense of breaking down a seemingly magical system into understandable pieces and rules is just one of the best feelings in the world. As I said, it was painful; the first two weeks learning this entirely new prerequisite system of knowledge that has nothing to do with hacking at all was boring, and you don't even know if you can make it to where you actually start to learn things about hacking - but I made it, watching free videos online, piecing unrelated independent writings together to form an understanding of the simplest concepts - call stacks, lazy binding of the GOT....

    1. And when you get to apply this brand new system of knowledge to create something seemingly magical, it's an even higher level of the best feeling you ever get - I still remember the first blog I ever did for pwn was this writeup (sort of like an explanation) about a vulnerability called Format Strings: where by typing an arrangement of sets of two symbols that make no sense into a really seemingly normal program, you can leak and manipulate memory to completely take over a system by exploiting how these input-handling programs work under the hood, at a level I would never have had a thought, notion or idea about. It felt really magical.
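The bug class that writeup was about, shown here as an added example (not code from the original post): the vulnerable call beside its hardened form, plus the check a code reviewer or input filter uses to spot text that must never be used as a format string. Function names and the sample strings are my own.

```c
#include <stdio.h>

/* Vulnerable form: untrusted `msg` becomes the *format* argument, so any
 * '%' directives in it are interpreted by printf instead of being printed. */
void log_unsafe(const char *msg)
{
    printf(msg);          /* format string bug: directives in msg are honoured */
    putchar('\n');
}

/* Hardened form: a constant format; user text is only ever a %s argument. */
void log_safe(const char *msg)
{
    printf("%s\n", msg);
}

/* Count conversion directives the way printf would see them.
 * "%%" is an escaped percent sign, not a directive. */
int count_format_directives(const char *s)
{
    int n = 0;
    for (size_t i = 0; s[i] != '\0'; i++) {
        if (s[i] != '%')
            continue;
        if (s[i + 1] == '%') {   /* literal '%', skip the pair */
            i++;
            continue;
        }
        n++;                     /* "%p", "%x", "%n", ... each count once */
    }
    return n;
}

/* 1 if the string carries no directives and is safe to use as a format. */
int is_plain_text(const char *s)
{
    return count_format_directives(s) == 0;
}

int main(void)
{
    /* constructed sample inputs */
    const char *benign = "hello, world";
    const char *suspicious = "%p %p %x";   /* "nonsense" pairs, each a directive */

    printf("%d directives in benign, %d in suspicious\n",
           count_format_directives(benign), count_format_directives(suspicious));
    log_safe(suspicious);                   /* prints the text literally */
    if (is_plain_text(benign))
        log_unsafe(benign);                 /* only acceptable after the check */
    return 0;
}
```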
  5. Writing became my habit, or what I spent most of my time doing; sometimes I wrote about new knowledge as if I were explaining it to others while I was learning it. I love this sense of breaking down "magic", and explaining to others abstractions that just sounded so new and interesting to me (felt like imagination) and took me so long to understand about "pwn". The longest one I wrote back then is about the ret2 binary exploitation methodology (it's really short compared to my writings now, but it was the only one I spent over one day on, between school). There were some really funny technical mistakes looking back from now, but I was really proud of this writing back then. I shared it on the internet and people gave me some good feedback (it was like 20 likes, but I really felt much, from a rookie's perspective, getting affirmation!). And I decided that's the direction I'd like to spend time on - this sort of learning then explaining through writing really helped me learn things, complexities I had a hard time with (since you can always rewind back along the logic of how you wrote it), while getting me a bit of a feedback loop, even only by knowing there are people reading my work.

  6. And a really interesting and changing event that at first appears to be about writing, but not related to these abstractions and "magic" at all - in the field of cybersecurity, it's really two different levels between solving CTF challenges (mimicked bugs created on purpose, but which still take time and knowledge to work on) and finding a real-world vulnerability (e.g., bugs in Bugcrowd projects, CVEs) - since one is more uncertain, with the complexity of real-world environments and psychological challenges - you never really know if you're going to find a vulnerability in an application you might spend tons of time working on until the moment you find it, and they're usually way harder to spot, since they can be anywhere, while CTFs tell you where one is.

  7. However, the first turning point for my writing is back when I was trying to find a real-world application bug - it would be my first real-world bug (I had already spent lots of time hunting on other projects) - on my middle school's website. I happened to be lucky enough to find this little information leak - that leaks the MD5 value of a little account - that was able to escalate into full server takeover through this chain of exploitation of n-days, starting with this very simple, accidental leak (back then I think it had something to do with file suffixes and backups). In summary - pretty cool looking but not that complex after all (looks pretty magical).

    1. so I did this little writeup on it, spent like around 5 hours? (as I remember, it wasn't very, very long), and when I literally casually posted it online (I posted one writeup in different places back then), it blew up - I assume it's a combination of that sort of magical breakdown feeling I was talking about previously (abstractions into concrete) and a bit about my age (I was 12 back then?). It wasn't that much of a blow-up, not that popular back then - it was around five hundred likes and a couple thousand views - but as I said, for someone who would be happy even seeing a few people reading the writing, it was so much to me back then, and I was very happy just looking at my work being read, the views going up a few at a time (funny: I still have people following that account of mine because of that writing even now)
    2. But as I said, that experience of finding that bug in my middle school is something I am proud of - but not the part I loved, had momentum in and spent most of my time on; that was still "pwn", binary exploitation, exploiting the under-the-hood of how computers work; that magical feeling I felt from this process of discovering and using that brand-new system, that I love doing and that just seems to have so much space for my explorations - while I still followed my side focus of finding bugs in higher-level applications - I continued writing these writeups, explanations of new things I learned from it every single day.
    3. I found a few 0-day bugs in that process, mostly at the application security level. After learning and writing about stack and libc exploitation methodology, I wanted to explore further - with that bit of fundamentals, things were not as painful as they were, but still hard, navigating through environments and routers I had no experience with.
  8. That's a long term of writing writeups, learning more about these things down to the heap, figuring out glibc exploitation and trying to compete with my folks and friends I met online in some CTF contests, or replicating some really cool router n-day vulnerabilities.

    1. It was a pretty long process; I don't think I can include every single detail of it, reminding you I still had a life to live! Hanging out with my friends, just playing soccer - we used to play soccer every single day no matter how hot it was outside, playing with drones... Or just getting back to what brought me to hacking - TV series and playing video games, or just school - I had the determination of going to America back then to seek this part of "hacking" that I loved the most, and preparing for that is a lot of effort - I was at a TOEFL place (a SAT sort of thing for international students as an entry test) every Saturday for a year... But I still found time for this thing I love in between, and there's really no trick of "how", it just naturally got done - it can be time after school, in the morning, or even at school when I had my laptop with me, in breaks, or sacrificing time hanging with friends for what I enjoy doing every second (probably not every second) - and just by keeping doing it, you're able to get somewhere. These are things I did in that period of time that I can recall or am a bit proud of:
      1. I reproduced a router ROP (return-oriented programming, a memory exploitation methodology that allows taking over (RCE) a system via manipulating overflowed memory with control-flow manipulation gadgets) in a physical router I bought from eBay - I was so on edge since I knew something was going to go wrong against the written writeup - attaching gdbserver, setting up the network interface was just the beginning - but I was able to do it with 3 days of working my head off on it! When that shell (sign of successful exploitation) popped up, I was 12 years old!
      2. We competed on picoCTF with my folks; my friends were all busy, but at the end of the day it was only me, but I like solving puzzles as I mentioned - even after school or at midnight - and I was able to get us to 36th globally as MVP! Almost AK (all solved) all the pwn challenges for that. I was pretty happy about the results since it's the first time I ever really "scored" something in a CTF contest (I was also 12 years old then, I think)
      3. started writing about glibc (Linux kernel) allocation and exploitation methodology under the hood as I mentioned before (when I was preparing for picoCTF, I solved their previous challenges from the past two or three years a month in advance). Really painful to figure things out; you have to set breakpoints everywhere and use gdb (Unix debuggers) to observe with the kernel source... (also 12 years old)
    2. However, I was not satisfied with only using words to explain these magical theories and methodologies in understandable pieces. I started to turn these explanations into graphics with a voice in the background; I started to turn these explanations into videos with slides - as I knew it is the best way to learn, from my experience learning from others - I started learning "pwn", binary exploitation, by watching others' tutorials online.
      1. This was much trickier than writing; you'd need to prepare the slides, at least have a bit of a script of what you're going to talk about, reference facts and figure out the best, most interesting way to introduce a concept and to explain it. However, that did bring me to a wider range of audiences.
      2. I would still post these glibc heap exploitation tutorials, house of orange, tcache bin attacks..., but I tried to make them as niche, delicate, aesthetically pleasing and interesting while understandable as possible. It might take days just to prepare one episode, but I started to get a few dozen thousand views on my works!
        1. I still remember back then, during my third post, when I had just put my retainers on, I could barely speak because the metal part of it scratches the inside of your mouth and it hurts so much! But I still wanted to finish it even though I sounded like another person in them (and it was physically painful)
      3. After explaining heap exploitation tutorials, I shifted the focus of the channel to machine-learning security automation, specifically in binary exploitation, in other words putting LLMs into this field of security that requires deep foundations, in-depth and intense manual, repetitive research, and the development part of low-level security. It was back when ChatGPT and LangChain had just become a thing. I was just being a bit lazy, as I suffered a bit from CTF challenges; I always imagined what if AIs could do this deep level of security research. A few projects we worked on:
        1. PwnBERT: combined the decoder-only LLM architecture BERT for vulnerability discovery via fine-tuning on binary classification tasks
        2. ChatWithBinary: we put a decompiler and LLMs together with RAG for them to do reverse engineering and vulnerability discovery by re-interpreting low-level code generated by LLMs - me and one of my folks working in frontend web design turned it into a little SaaS (without realizing we were building one). There wasn't really any intention to make money or anything back then; we just really wanted people to use our tool (but we did charge for usage), but we stopped after around two months since the model performance bottleneck was a major problem we had.
        3. (This was around late 2023)
  9. As the channel turned towards larger audiences, I got some amazing opportunities:

    1. With my background in low-level binary security research, I was introduced to a security company called Lian Security. They intended to send one of their products, specifically for binary security bug finding, for me to review. With weeks of research, I was finally able to get my very own first memory CVEs (vulnerabilities certified by the US Dept. of Homeland Security) in Tenda routers. I also turned my experience of bug hunting from zero into words again.
    2. I've been posting about putting AI into low-level memory security. I also received opportunities to work with the ML Security Research Lab at Tsinghua University, combining AI with this niche, deep field of binary exploitation.
  10. Unexpectedly, I received an invitation (or recruitment) from Tencent (which is like Google in China) for what they called the "Spark" program, which is the talent-reserve program for Tencent. I did not really hear about the program at all back then, so I was like, okay. So I did a few rounds of interviews and meetings and stuff, then I got in!

    1. It was in Beijing, so I had to fly all the way from Shanghai to Beijing, but they covered pretty much all the costs, including the airplane and the hotel, everything. I didn't spend a penny at all during the entire program, and the food was so nice. (That was my first impression; I didn't expect Tencent to be that cool.) It was pretty hard and tough work; it had two directions:
      1. Traditional security - which is more like the things I am used to.
        1. We did reverse engineering on Telegram by reverse-engineering it from the memory level;
        2. In the last few days, they sent us a version of this extremely popular application and told us there was a certain type of vulnerability (RCE, the most severe category, which leads to direct compromise of the machine), and to find it. There was zero context - they showed a magical video of clicking on one thing and your entire computer just gets hacked, stuff like that. With that very vague goal, they asked us to look for something like a super severe bug. It was basically like finding a new bug in a real-world application, which is also pretty sophisticatedly designed.
        3. What is unexpected and funny is - since they gave us zero context and just a very vague goal, I was very irritated and extremely angry. I did every single thing and looked at it from every single perspective, and at the end of the day, I found an unintended, actual zero-day (which is an actual new vulnerability that has not been fixed or patched or noticed by the vendor), one that is capable, by exploiting this sophisticated chain, of achieving a sort of magical hack of taking over a computer just by clicking on one thing (like they expected me to do originally with this old and patched bug). - So I reported it to the vendor and actually made a little fortune but lots of happiness.
      2. AI Security - which is something I have worked on but still pretty new.
        1. We were asked to do AI red and blue teaming, which is like attack and defense for AI models and alignment. Notably, it was pretty early for that back then - it was really before AI security actually became a thing. (e.g., one of my friends who's working at HiddenLayer right now (which is a pretty great AI security startup) was still working on binary security back then; it was when things had just gotten started a bit)
        2. We were playing with adversarial attacks, like modifying and tuning AI filters and security alignment methodology, but at a pretty early time. It sort of planted a seed of AI security in my head, and, you know, just got me a little bit into this brand new field.
      3. Another fun thing I learned during the last day of the program is that every single participant except me and a friend I made in the program (and there were about 80 participants) was either from Tsinghua University or Beijing University, which are sort of like the MIT, Harvard, and Stanford of China. (These universities really mean a lot, especially back in China, since the Gaokao college entry exam is engraved in our value system already), and I was just 14, in middle school.
    2. The experience was so nice, fantastic, and unexpected for me. I learned so much in that seven-day course program and made so many friends and connections - and one of the most important things is it sort of started the spark of the idea of AI security - this pretty much completely new field - in my head.
      1. One of the things I remember the most is right after the program: because my mom was so happy that all the folks around me were from these universities and I was the youngest participant in the program, she bought me a super nice PC with graphics cards that allow me to do the AI security research we learnt and were working on during the program.
  11. The experience at Tencent sort of transformed my perspective, from my past focus on "explaining" towards real-world vulnerability research - even though I was working on real-world vulnerability research before, it sort of changed the center of gravity of my research orientation.

    1. The great thing is my past focus on explaining gave me a lot of fundamentals, specifically on the way to "think" from the exploiter's perspective, since all the writeups I was reading and learning from showed a given pattern of how bugs were found or how these exploitation methodologies usually go.
    2. For the first two months after I came back from the program, I was working directly on AI security. The program gave me inspiration on how to put AI together with binary security research in real-world bounty contexts - to remind you, I also posted videos about this sort of combination of AI and binary security before Tencent recruited me. It was also one of the main reasons they saw this spark in me. It was a long process of trial and error, but I learned so much from the AI/ML ecosystem by developing AML projects myself.
    3. It was around the Chinese New Year when I sort of found one pretty cool bug in this huge academic system that our school and a couple of other schools around the world were using, called ManageBac - it's a pretty cool bug that allows you to hijack these high-privilege administrator accounts. By that, you can manipulate your GPAs and change your test scores and stuff like that - it's something that's very cool to me since our school is using this on an every-single-day basis, sort of like Gmail - the perspective change brought by the program and this vulnerability helped me establish my first feedback loop for bug hunting, and started things up.
      1. I did responsibly disclose the vulnerability to the management and development team. Since they are not on platforms like Bugcrowd, they just pretty much ignored it and fixed it themselves. Even though it was not an especially rewarding disclosure process, I still got that feedback loop as I previously described.
  12. I sort of accidentally got into AI security bug hunting.

    1. Like I said before, I really love to read other people's writeups. It's one of my main ways to learn. I was trying to search for instances of real-world bug hunting to sort of eliminate that sort of vagueness of bug hunting in my head - and that's when I came across these well-written disclosures online (Bugcrowd had started to disclose their hack activities for other hackers to learn from)
    2. Just by reading these reports, I learned so many new things and so many new aspects of exploitation and bug hunting methodology. I was immediately intrigued by that sort of newness and freshness of knowledge (how I was exposed to it when I just got into this field), so I was reading pretty much dozens of reports every single day, reproducing these sorts of exploitation notes demonstrating these reports or hack activities.
    3. It was around 2 or 3 weeks of just purely reading other reports. I decided to give it a shot at applying the stuff I learned. I started to look into one that I would describe as an ambitious goal - the Transformers Python library written by Hugging Face (pretty much every single person who works on AI/ML development uses this library)
      1. After a few days of research, I found this pretty cool RCE vulnerability in it that allows you to maliciously execute code just by a user loading a certain sort of ML checkpoint, or you can sort of comprehend it as like loading one model - it wasn't something very severe, and the bounty wasn't that much (it was a few hundred bucks), but that feeling of applying something you just learned, putting observations into your practice, something that was completely new to you, was so great.
    4. The Hugging Face vulnerability started things off on bug hunting in the AI and ML space. But what contributed the most to starting things off was that sort of freshness and newness of this completely new knowledge system that I wasn't exposed to before, things I had never heard of.
    5. That sort of experience, and the fundamental knowledge I gained from "explaining" for the past few years, boosted things up a lot. One thing reading these writeups or re-teaching what I learned taught me is that specific way of the exploiter's perspective - it sort of teaches you a heuristic pattern or a thought pattern of how bugs are usually found (it's very much different from designing software; there's a certain way of finding), and what these exploitation methodologies usually look like and how they're designed.
    6. In the meantime, the experience of working in such huge, complex, sophisticated projects reinforced my ability in analyzing, (abductive) reasoning and research. One example I use at BlackHat is that these developers of ML projects are usually previous C++ developers. You can sort of see the confusing usage of C++ styling, macros and stuff like that - navigating through these sorts of huge, complex codebases is not an easy task at all. It requires a lot of ability to analyze the interrelationships between chunks of code and interpret the pragmatic semantic meaning of the code as well as its implications on security, as a possible exploitation point of interest.
  13. I switched to security research, bug finding on AI/ML.

    1. It was also a year where AI/ML development went way more rapidly, even beyond our expectations. In the meantime, that extremely rapid development brought out a lot of concerns and implications people have about AIs. Security of AI was a part of it.
    2. You start to see how fragile these AI/ML projects, or the entire AI/ML ecosystem, this supply chain, were. I always like to refer to it just as like the internet back in the early 2000s. The thing about cybersecurity is that the awareness of finding the other side of this seemingly extremely normal code is something that requires a lot of background knowledge and experience. In order to write secure code, you will have to, while you are thinking about how to actually write the code, also think about how this code can possibly be exploited by others - this difficulty of writing secure code was very much magnified under the rapid development of AI and this urgent need for innovation.
    3. It's sort of like the American railroad boom of the late 19th century: everyone is laying tracks at breakneck speed, but what's also important is making sure these tracks are durable and secure enough for trains to run on - the rapid development of AI is changing the world on a daily basis, but it also exposed a lot of vulnerabilities. Working on that specific subject feels like something bigger than me, while it's something I enjoy, am passionate about, am interested in and that's naturally intriguing to me (arouses my curiosity), something I would say I am good at - while these bug bounties pushed me further and further.
    4. As I am doing something I enjoy, I am good at, and something that seems bigger than me, as I described previously, it just pushed me on and on. After finding 40-ish AI/ML bugs (~20 of them RCEs) in the public domain, I joined private programs to focus on my specific research on AI and ML security - where we look into the lowest level, the weights and biases of AI models themselves, trying to find possible unexpected ways to exploit them in the traditional security sense - compromising the entire server just by loading one model (e.g. TikTok's large language model was poisoned (exploited) internally; one of their internal services got entirely compromised and it resulted in some really severe consequences). We were breaking a lot of barriers, figuring out and breaking things in a way that no one in history ever thought about - I would just spend weeks looking into the source code of projects and thinking about every single new, unique perspective of how to maybe abuse one line of normal code in a controllable way that might lead to unexpected consequences. - At the end of the year, my portfolio included big names like Google and Mozilla, down to startups like PrivateGPT and GGML; supply chain attacks that affect tens of thousands of AI models online and millions of developers.
    5. In the meantime, I was also looking at daily tangible things from an application security perspective - I found a vulnerability in China's governmental system that allows you to widely change around millions of students' standardized examinations - I reached out to the department that was responsible for this and they fixed it. I also got some credit from my middle school in Shanghai, which has like 10,000 people.
    6. A lot of these were done in between school, maybe in the morning or at night after school, maybe giving up some time playing soccer with my friends. But looking back from now, it is definitely worth it. On one hand, I was able to gain some recognition from people I admire and respect by doing this work that I'm proud of and enjoy (the process might be painful); on the other hand, I can finally take my friends out to fancy places and not worry about not being able to pay for them.
  14. However, in order to get to that depth of research and that one sort of bug that seems purely magical, but with tons of effort and puzzle, and the beauty of complexity behind it - that I dreamt of and admired since my first step into this field - you will have to dive deeper and also aim bigger. Thus, I aimed for one of the most used fundamental inferencing libraries: llama.cpp - from the perspective that seems most "magical" and that I loved from the beginning, binary exploitation.

    1. After looking into the llama.cpp architecture and structure, I decided to focus specifically on the llama.cpp RPC server, the distributed inferencing server, which distributes LLMs' computation

    2. One thing that made LLMs, or Transformers, go that far is how they're designed to handle computation in parallel. (Internally, LLMs (AI) are just machines that take an input and do a huge amount of matrix multiplication to produce an output), allowing computers to take in huge matrices of inputs and process them simultaneously. However, in order to scale beyond one computer's computation power, during the inference or training process, these inferencing engines offload their computations to other machines to compute. This is one of the most essential concepts of AI/ML - just as with ChatGPT, one server has no chance of handling millions of messages at one time; they definitely offload the actual computation part onto clusters of hundreds of thousands of machines with hundreds of thousands of GPUs.

    3. This is what llama.cpp RPC servers do. They use a certain protocol to assign machines to offload tensor (matrix) computations from one to another, written in such low-level, hardware-interacting ways to optimize computation efficiency. However, this scalability property of distributed inferencing makes a possible vulnerability way more fatal and important, since these vulnerabilities can be exploited at scale too, taking over hundreds or thousands of machines at the same time.
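The offload model sketched in the last two items, as an added example that is not llama.cpp's code: a hypothetical worker receives a tensor message, checks every header field against the bytes it actually got (the kind of internal check a server needs before a request is allowed to touch memory), and only then does the matrix-vector product it was asked for. The wire format, the 4096-element cap and all names here are my own assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical wire format: 12-byte little-endian header
 * (rows u32, cols u32, payload_len u32) followed by rows*cols floats. */
#define HDR_LEN   12u
#define MAX_ELEMS 4096u   /* hypothetical per-request cap: bounds work and memory */

enum parse_status { PARSE_OK = 0, ERR_SHORT, ERR_TOO_LARGE, ERR_LEN_MISMATCH };

typedef struct {
    uint32_t rows, cols;
    const uint8_t *data;   /* raw floats inside the received buffer */
} tensor_view;

static uint32_t rd_u32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

static void wr_u32(uint8_t *p, uint32_t v)
{
    p[0] = v & 0xff; p[1] = (v >> 8) & 0xff; p[2] = (v >> 16) & 0xff; p[3] = (v >> 24) & 0xff;
}

/* Sender side: serialise a message. Returns total length, 0 if it does not fit.
 * The header is written as given, so a caller can also build a lying header. */
size_t build_msg(uint8_t *dst, size_t cap, uint32_t rows, uint32_t cols,
                 const float *vals, size_t nvals)
{
    size_t total = HDR_LEN + nvals * sizeof(float);
    if (total > cap) return 0;
    wr_u32(dst, rows);
    wr_u32(dst + 4, cols);
    wr_u32(dst + 8, (uint32_t)(nvals * sizeof(float)));
    memcpy(dst + HDR_LEN, vals, nvals * sizeof(float));
    return total;
}

/* Receiver side: validate `len` received bytes before any computation. */
enum parse_status parse_tensor_msg(const uint8_t *buf, size_t len, tensor_view *out)
{
    if (len < HDR_LEN) return ERR_SHORT;
    uint32_t rows = rd_u32(buf), cols = rd_u32(buf + 4), plen = rd_u32(buf + 8);
    /* rows * cols in 32 bits could wrap to a small number; widen first */
    uint64_t elems = (uint64_t)rows * cols;
    if (elems > MAX_ELEMS) return ERR_TOO_LARGE;
    /* declared payload must match the shape, and the buffer must match the declaration */
    if (plen != elems * sizeof(float)) return ERR_LEN_MISMATCH;
    if (len - HDR_LEN != plen) return ERR_LEN_MISMATCH;
    out->rows = rows;
    out->cols = cols;
    out->data = buf + HDR_LEN;
    return PARSE_OK;
}

/* The offloaded work: out = M * v for an already validated view. 0 on success. */
int matvec(const tensor_view *m, const float *v, size_t vlen, float *out, size_t outlen)
{
    if (vlen != m->cols || outlen < m->rows) return -1;
    for (uint32_t i = 0; i < m->rows; i++) {
        float acc = 0.0f;
        for (uint32_t j = 0; j < m->cols; j++) {
            float x;   /* memcpy avoids unaligned float loads from the byte buffer */
            memcpy(&x, m->data + ((size_t)i * m->cols + j) * sizeof(float), sizeof x);
            acc += x * v[j];
        }
        out[i] = acc;
    }
    return 0;
}

int main(void)
{
    /* constructed 2x3 matrix and a 3-vector of ones (so the result is row sums) */
    const float m[6] = {1, 2, 3, 4, 5, 6};
    const float v[3] = {1, 1, 1};
    uint8_t buf[64];
    tensor_view tv;
    float out[2];

    size_t n = build_msg(buf, sizeof buf, 2, 3, m, 6);
    if (parse_tensor_msg(buf, n, &tv) == PARSE_OK && matvec(&tv, v, 3, out, 2) == 0)
        printf("row sums: %g %g\n", out[0], out[1]);
    /* header claims 2x3 but only one float is sent: rejected before any read */
    n = build_msg(buf, sizeof buf, 2, 3, m, 1);
    printf("lying header rejected: %d\n", parse_tensor_msg(buf, n, &tv) == ERR_LEN_MISMATCH);
    return 0;
}
```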

    4. The first few weeks looking into llama.cpp, I found exactly nothing. There had been vulnerability reports about half a year prior to my research, but they made the RPC server more robust and reinforced. There were a dozen times when I thought I had found a vulnerability, but it turned out to be caught by internal sanitizers or security checks within the server. As I described previously, one huge pain of hunting in a real-world context is that you never know if you're ever going to find a vulnerability until the moment you actually find one. That sort of mental and physical pain was pretty torturous. I found nothing in the first few weeks, and it meant that all this work was for nothing.

    5. Then, one random night in the school's library, I noticed something interesting that I had previously skipped. After re-inspecting it once and once more, building the entire program, and testing it locally, it turned out to be a vulnerability. I was so happy back then that I almost jumped off the second floor of the library. However, this doesn't mean anything meaningful, nor simple victory, since not every vulnerability or exploit can be used in practice or is actually important to look into. Without building an exploitation chain that escalates this vulnerability into exploitable RCE (aka remote code execution), this vulnerability means nothing, since it does nothing. And it is that process of exploiting the vulnerability, of creating the exploitation chain, that is the truly painful part.

    6. It was a redundant, long, painful process, so I think I'm just going to skip the technical details here. Back then I was traveling between the US and China. It was something like 15 hours that I spent entirely on this just on the airplane, and it's pretty painful, since you might know what you have found, but you don't know if it's actually something important, or as important as you thought it would be. Finally, I was able to exploit it in a pretty whimsical and unexpected way, using llama.cpp's very own memory structures and layouts. At that moment, when the shell popped up, which indicates you have successfully exploited or compromised a machine, I got that magical feeling again.

    7. This actually just seems like magic. By chaining these blocks of seemingly independent, loosely related lines of code in the program, you construct a way to abuse code written for normal functions, but in a way that's controllable. It's like explaining literature using math.

      That sort of process of piecing every puzzle together through whimsical, unexpected, interesting, and intriguing ways is just something magical; it's just incredible.

  15. After that, I spent around two months putting everything together to sort of storytell my journey: figuring everything out from the beginning, weeks with no rewards or feedback, finally finding the vulnerability, believing it might not be exploitable and all for nothing, and then magically constructing a chain of exploitation. It turned into a 10,000-word writeup. Just like a year ago, I posted it on my blog, and people loved it.

    1. I was invited from the U.S. to Korea, with a full honorarium, to talk about my exploitation journey on the llama.cpp RPC server (I spent a week turning this ten-thousand-word write-up into a 70-page slide deck for an hour-long presentation): traveling alone abroad to Seoul, a speech right after a 15-hour flight, no language accessibility, facing jet lag, anxiety, and the unknown before the show... I wrote about this in my high-school application. It spread around Y Combinator's Hacker News, people reacted to it and gave their feedback. It got reposted by different cybersecurity publications... Job opportunities.
    2. Most importantly, I finished a piece of work, a research project, that I would literally dream of when I was younger, two or three years ago: research at that extent, a finding that is intellectually exciting and looks like magic...
  16. After the llama.cpp exploitation journey as a researcher, and with another TV series (Silicon Valley by HBO), I pivoted to a direction I had been working on a year earlier: putting AI together with binary exploitation. I tried two or three startups in between; I worked on a campus social network, the tech-debt problem, an Airbnb for distributed inference. But at the end of the day, I found my way back to binary exploitation, because it's the thing I was intrigued by and loved from the beginning.

    1. Just two months ago, I stepped off the stage of Black Hat USA as the youngest speaker in their history, having turned a project that I had worked on for an entire year into 30 minutes... After that: interviews, VCs reaching out. We've put our heads into the research & development of this wish from years ago of putting AI into CPU-level security. We've now raised a bit of funding, we're working with Tsinghua University's ML security lab, and our product is integrated into GGML... Preparing for another talk as I write this :)
  17. It has been a full circle. Four years ago, I had not even touched a computer before, and all of this just feels like the sort of magic that I was always telling you about in my story. I never touched a computer before 11, and I always wanted to be a comedian or an actor. Intrigued literally by a TV show and a video game, I chose the hardest path for some reason. I found my way through writing and explaining. I magically found that vulnerability in my middle school's website... I got invited to Tencent. Getting into AI security, I finished this research on llama.cpp that I had been dreaming of, and spoke at Black Hat...

    All of this may sound like magic, but it's not. Here I would love to quote one of my favorite quotes, from the creator of humanity's first chatbot, Joseph Weizenbaum:

    It is said that to explain is to explain away. This maxim is nowhere so well fulfilled as in the area of computer programming, especially in what is called heuristic programming and artificial intelligence. For in those realms machines are made to behave in wondrous ways, often sufficient to dazzle even the most experienced observer. But once a particular program is unmasked, once its inner workings are explained in language sufficiently plain to induce understanding, its magic crumbles away; it stands revealed as a mere collection of procedures, each quite comprehensible. The observer says to himself "I could have written that". With that thought he moves the program in question from the shelf marked "intelligent" to that reserved for curios, fit to be discussed only with people less enlightened than he.

    This goes for artificial intelligence; however, I believe this also goes for life. I hope my story, of a dude who hadn't touched a computer before 11, who dreamt of being an actor, and who was intrigued by a TV show and a video game, tells you that behind all these wondrous magics, it's just a mere collection of passion, curiosity, and love. If this is possible for me, it's possible for you. So just take that step ahead and try things out, and maybe, you know, one day you might spot yourself at a place that you would never even dream of.