About Me
Hi, I’m a student currently :)
Interested in how to make software more secure!
Education
Carnegie Mellon University
Pittburgh, PA | Sep 2024 - Present
Huazhong University of Science and Technology
Skills
Languages:
Golang, Python, C, Shell, TypeScript, JavaScript, HTML/CSS, Assembly
Developer Tools:
Git, Django, AJAX, React, MongoDb, Node.js, Docker, JMeter, DBeaver, MySQL, Kafka, Wireshark, IDA, JMeter, DBeaver, Burp Suite, Metasploit,Checkmarx
Technologies:
Linux, Machine Learning, Scripting/Automation, Socket Programming, Multi-threading Programming, Concurrency Control, Static Program Analysis, Reverse Engineering, Forensics, Vulnerability Detection
Experiences
DPtech Technologies Co.,Ltd.
Test Development Engineer
Hangzhou, China | Jul 2023 - Sep 2023
DBeaver, JMeter, Kafka, Wireshark, Python/Shell scripting, Node.js, Automated Testing
· Developed automated scripts for data analytics, saving the team 10 hours of work per week and identifying 21 bugs.
· Designed test cases for the monitoring system independently and work with developers to launch 3 new features.
· Collaborated in optimizing and redesigning an API risk monitoring system, significantly improving its accuracy by nearly 5%.
China Huadian Corporation LTD.
Security Operations Engineer
Hubei, China | Jul 2022 - Aug 2022
Oracle Database, Access Control, Router Operation, Worm Virus
· Configured firewalls and IDS for security drills, preventing unauthorized access and detecting 100+ potential attacks.
· Monitored host activities and assessed vulnerabilities, patching 28 malware-infected computers in the network.
· Maintained the internal network, assessed network topology security, and improved security policies.
Systems and Software Security Laboratory
Researcher Assistant
Hubei, China | Nov 2021 - Jun 2024
Vulnerability, Taint Analysis, AST, XML, LLM
· Collaborated with the team to analyze 719 CVE vulnerability files, covering 16 different CWE types.
· Optimized vulnerability detection using code equivalence techniques and Codex for code completion.
· Awarded for Outstanding Student Entrepreneurship Project, presented at Wuhan Cybersecurity Innovation Forum.
Research
MalPacDetector: An LLM-based Malicious npm Package Detector
Instructor : Zhen Li | Mar 2023 - Jun 2024
TypeScript, AST, Python, LLM, Callgraph
github.com/willowwy/SerMalDetector
· An innovative, Large Language Model- or LLM-based Malicious npm Package Detector (MalPacDetector).
· Collected 3000+ malicious packages and proposed a dynamic feature extraction update mechanism using LLM.
· Programmed a coding scheme for extracting 23 serialized malicious features in NPM packages.
Detected 39 new malicious npm packages (verified by the npm community), filed a patent for the project, and earned an outstanding graduation thesis award.
Projects
Multiplayer Word Guessing Game
Go, React, TypeScript, WebSocket
· Built a concurrent TCP game server in Go supporting multiple game sessions with fault tolerance for player disconnections, implementing role-based state management and real-time synchronization.
· Designed a responsive React frontend with WebSocket integration, featuring role-specific UI.
Netfilter-based Network Sniffer
C, Linux kernel, Netlink
· Developed a user-defined rules system enabling state analysis and filtering of TCP, UDP, and ICMP protocol messages.
· Implemented NAT functionality for IP and port conversion and used Netfilter to invoke kernel functions for packet.
miniVPN: TLS/SSL VPN Implementation
Authentication, TUN/TAP, Qt
· Designed and integrated four key modules – SSL communication, pipeline communication, TUN communication, and the main scheduling module – to ensure the effective operation of the miniVPN server.
· Utilized public key encryption, PKI, X.509 certificates, and authentication mechanisms to establish secure transmission channels.
TFTP Protocol Client Program
C++, Socket Programming, TCP/UDP
· Utilized socket programming and developed network applications based on TCP/UDP.
· Implemented the TFTP protocol to handle file transfers efficiently between client and server.
API HOOK-based Software Behavior Analysis System
Windows, Detours, Qt
· Utilized the Detours library to intercept Win32 functions, enabling Windows API capture and behavior analysis.
· Developed a graphical interface using Qt for feature visualization.
Cafeteria Application Simulation of Campus Card
C, Data Structures, Algorithms
· Architected a versatile data structure utilizing sequential, hash table, and dynamic linked table storage methods for efficient storage.
· Conducted string similarity calculations and implemented fuzzy search to match for large-scale data.