Zeyu (Zayne)
@zeyu2001.bsky.social
• CS @ Cambridge
• CTFs with Water Paddler / Blue Water
• Security at Electrovolt / Cure53
• DEFCON 31-32 finalist
• Also on Twitter and infosec.exchange
• CTFs with Water Paddler / Blue Water
• Security at Electrovolt / Cure53
• DEFCON 31-32 finalist
• Also on Twitter and infosec.exchange
My slides from a talk I did at Cambridge about Static Program Analysis. I go into how data flow analysis (like taint propagation in CodeQL) works from first principles — should be digestible with some first-year university maths knowledge
zeyu2001.github.io/cam-ib-tech-...
zeyu2001.github.io/cam-ib-tech-...
zeyu2001.github.io
April 2, 2025 at 9:35 AM
My slides from a talk I did at Cambridge about Static Program Analysis. I go into how data flow analysis (like taint propagation in CodeQL) works from first principles — should be digestible with some first-year university maths knowledge
zeyu2001.github.io/cam-ib-tech-...
zeyu2001.github.io/cam-ib-tech-...
First onsite CTF in the UK! cheriPI @ pwnEd
March 16, 2024 at 11:03 PM
First onsite CTF in the UK! cheriPI @ pwnEd
Kind of strange flying 15 hours to get to Taiwan, when my home is only 4 hours away. Anyway I'm here for HITCON!
November 13, 2023 at 11:23 PM
Kind of strange flying 15 hours to get to Taiwan, when my home is only 4 hours away. Anyway I'm here for HITCON!
I will never be 21 and whining about CTF infrastructure from a luxury suite in Vegas with my teammates again.
Earlier this month, I participated in the DEF CON 31 CTF and Midnight Sun CTF. This post serves as proof that I touched grass along the way.
infosec.zeyu2001.com/2023/def-con...
Earlier this month, I participated in the DEF CON 31 CTF and Midnight Sun CTF. This post serves as proof that I touched grass along the way.
infosec.zeyu2001.com/2023/def-con...
DEF CON 31 CTF && Midnight Sun CTF Finals 2023
My first hacker summer camp experience 🏖️
infosec.zeyu2001.com
August 29, 2023 at 9:26 AM
I will never be 21 and whining about CTF infrastructure from a luxury suite in Vegas with my teammates again.
Earlier this month, I participated in the DEF CON 31 CTF and Midnight Sun CTF. This post serves as proof that I touched grass along the way.
infosec.zeyu2001.com/2023/def-con...
Earlier this month, I participated in the DEF CON 31 CTF and Midnight Sun CTF. This post serves as proof that I touched grass along the way.
infosec.zeyu2001.com/2023/def-con...
done with my first linecon!
August 10, 2023 at 3:42 PM
done with my first linecon!
Will be in LA on 6-7, Vegas 8-14, Munich 15-18, Stockholm 19-20. Let me know if you'd like to meet up!
August 3, 2023 at 2:44 AM
Will be in LA on 6-7, Vegas 8-14, Munich 15-18, Stockholm 19-20. Let me know if you'd like to meet up!
Many cross-site leak (XS-Leak) attacks are limited by SameSite cookies, and the ones that make use of top-level navigations aren't stealthy enough. What if we could weaponise HTML injection (where XSS is blocked by CSP) to leak data? Here's my small research rabbit hole from a few weekends ago...
From XS-Leaks to SS-Leaks Using object
Using nested objects, lazy loading and responsive images to leak data
infosec.zeyu2001.com
August 2, 2023 at 8:38 AM
Many cross-site leak (XS-Leak) attacks are limited by SameSite cookies, and the ones that make use of top-level navigations aren't stealthy enough. What if we could weaponise HTML injection (where XSS is blocked by CSP) to leak data? Here's my small research rabbit hole from a few weekends ago...