Yooo! What’s up? If you are reading this, thank you for checking this blog out. Let me introduce myself a bit and that would be great if we can become friends.

My name is Chi. But my wife always call me Mr. Fatty. I had been a cook for about 6 years in a Vietnamese restaurant before turning into tech industry. I had an opportunity to get my feets wet in Security in late 2018 after I got an internship from a Healthcare company. My passion started there.

As a newcomer to the Security field, I love to learn from everyone and share what I have learned and done. Through this blog, I would love to share to the community some security research that are part of my learning journey.

If you like to chat, I am here on Twitter @imspicynoodles (yes, I used to own a Vietnamese spicy noodles restaurant).


Throughout my career, I earned a few certs that helped me dive deeper into security and how things work.

As of today, I have: OSCP | OSCE | OSWE | GPEN


Along my journey, there were some CVEs assigned to my research, below are some that I remember:

2019: CVE-2019-10016 | CVE-2019-10017 | CVE-2019-10105 | CVE-2019-10106 | CVE-2019-10107 | CVE-2019-10674 | CVE-2019-12347 | CVE-2019-12584 | CVE-2019-12585 | CVE-2019-12829 | CVE-2019-10674

2020: CVE-2020-7237 | CVE-2020-7106 | CVE-2020-7058 | CVE-2020-8962 | CVE-2020-14717 | CVE-2020-14716 | CVE-2020-14534 | CVE-2020-13951 | CVE-2020-14857 | CVE-2020-14856 | CVE-2020-14851 | CVE-2020-14850 | CVE-2020-14849 | CVE-2020-14834 | CVE-2020-14833 | CVE-2020-14831 | CVE-2020-14822 | CVE-2020-18921 | CVE-2020-18922 | CVE-2020-18923 | CVE-2020-18924 | CVE-2020-18925 | CVE-2020-18926 | CVE-2020-18927 | CVE-2020-18928 | CVE-2020-18929 | CVE-2020-18930 | CVE-2020-18931 | CVE-2020-18932 | CVE-2020-18933 | CVE-2020-18934 | CVE-2020-18935

2021: CVE-2021-34861 | CVE-2021-27576 | CVE-2021-2026 | CVE-2021-2027 | CVE-2021-28428

2023: CVE-2023-0855 (ZDI-23-555)

2024: CVE-2024-37014

Hall of Fame

Responsible Disclosure is what we all want to to. With that in mind, I was honored to get my name to a few

Oracle, Google, Microsoft, CERT-EU, Siemens, Department of Defense, F-Secure, Accenture, BMW, Trend Micro, United Nations, Bosch, Harvard, Apple, Facebook, Tenable, Proofpoint, Cigna, Broadcom, Palo Alto