Chasing ambition and losing people
Good people are hard to come by. Keep them close by taking care of yourself first.
All of my long-form thoughts on what I'm learning, what I'm building, and what I'm thinking about. I hope you find something interesting here.
Can you execute arbitrary Python code from only a comment? We explore how Python's overzealous ZIP file detection can lead to unexpected code execution vulnerabilities when well-escaped user input is injected into comments or string literals in Python source files.
A reflection on the impact of a single life and the choices we make.
In a few weeks, I'll be leaving Cambridge and working on Hacktron AI full-time. We're going to shape the future of AI-assisted security research.
The NRIC numbers of individuals became available to anyone on the public internet through a new feature in the ACRA portal. My thoughts on the incident and why it is a big deal.
The fundamentals of static code analysis, taint tracking, and problems that CodeQL is solving under the hood.
I don't think I can ever truly quit security, but I'm ready to take a pause on popping shells and start building things that last. Here's a reflection on my journey so far and why I'm taking a step back.
I used to write about security and CTFs on infosec.zeyu2001.com and ctf.zeyu2001.com. These will remain up so that backlinks to popular writeups don't break, but this blog is where I'll be posting new content.