About Me
Hi!!! A student studying in Carnegie Mellon University.
Interested in how to make software more secure!
Education
Carnegie Mellon University
Pittburgh, PA | Sep 2024 - Present
Huazhong University of Science and Technology
Skills
Languages:
C/C++, Python, Shell, TypeScript, JavaScript, HTML/CSS, Assembly
Developer Tools:
Tools: VS Code, Visual Studio, Wireshark, Pip, npm, IDA, JMeter, DBeaver, Burp Suite, Metasploit,Checkmarx
Technologies:
Linux, Git, Docker, Network Programming, Machine Learning, Scripting/Automation, Static Program Analysis, Reverse Engineering, Forensics, Vulnerability Detection
Experiences
DPtech Technologies Co.,Ltd.
Test Development Engineer
Hangzhou, China | Jul 2023 - Sep 2023
DBeaver, JMeter, Kafka, Wireshark, Python/Shell scripting, Node.js, Automated Testing
· Developed automated scripts for data analytics, saving the team 10 hours of work per week and identifying 21 bugs.
· Designed test cases for the monitoring system independently and work with developers to launch 3 new features.
· Collaborated in optimizing and redesigning an API risk monitoring system, significantly improving its accuracy by nearly 5%.
China Huadian Corporation LTD.
Security Operations Engineer
Hubei, China | Jul 2022 - Aug 2022
Oracle Database, Access Control, Router Operation, Worm Virus
· Configured firewalls and IDS for security drills, preventing unauthorized access and detecting 100+ potential attacks.
· Monitored host activities and assessed vulnerabilities, patching 28 malware-infected computers in the network.
· Maintained the internal network, assessed network topology security, and improved security policies.
Systems and Software Security Laboratory
Researcher Assistant
Hubei, China | Nov 2021 - Jun 2024
Vulnerability, Taint Analysis, AST, XML, LLM
· Collaborated with the team to analyze 719 CVE vulnerability files, covering 16 different CWE types.
· Optimized vulnerability detection using code equivalence techniques and Codex for code completion.
· Awarded for Outstanding Student Entrepreneurship Project, presented at Wuhan Cybersecurity Innovation Forum.
Research
MalPacDetector: An LLM-based Malicious npm Package Detector
Instructor : Zhen Li | Mar 2023 - Jun 2024
TypeScript, AST, Python, LLM, Callgraph
github.com/willowwy/SerMalDetector
· An innovative, Large Language Model- or LLM-based Malicious npm Package Detector (MalPacDetector).
· Collected 3000+ malicious packages and proposed a dynamic feature extraction update mechanism using LLM.
· Programmed a coding scheme for extracting 23 serialized malicious features in NPM packages.
Detected 39 new malicious npm packages (verified by the npm community), filed a patent for the project, and earned an outstanding graduation thesis award.
Projects
Netfilter-based Network Sniffer
C, Linux kernel, Netlink
·Developed a user-defined rules system enabling state analysis and filtering of TCP, UDP, and ICMP protocol messages.
·Implemented NAT functionality for IP and port conversion and used Netfilter to invoke kernel functions for packet.
miniVPN: TLS/SSL VPN Implementation
Authentication, TUN/TAP, Qt
·Designed and integrated four key modules – SSL communication, pipeline communication, TUN communication, and the main scheduling module – to ensure the effective operation of the miniVPN server.
·Utilized public key encryption, PKI, X.509 certificates, and authentication mechanisms to establish secure transmission channels.
TFTP Protocol Client Program
C++, Socket Programming, TCP/UDP
· Utilized socket programming and developed network applications based on TCP/UDP.
· Implemented the TFTP protocol to handle file transfers efficiently between client and server.
API HOOK-based Software Behavior Analysis System
Windows, Detours, Qt
·Utilized the Detours library to intercept Win32 functions, enabling Windows API capture and behavior analysis.
·Developed a graphical interface using Qt for feature visualization.
Cafeteria Application Simulation of Campus Card} $|$ \emph{C, Data Structures, Algorithms
C, Data Structures, Algorithms
·Architected a versatile data structure utilizing sequential, hash table, and dynamic linked table storage methods for efficient storage.
·Conducted string similarity calculations and implemented fuzzy search to match for large-scale data.