About

Yooo! What’s up? If you’re reading this, thank you for checking out my blog. Let me introduce myself a bit, and it would be awesome if we could become friends.

My name is Chi, but my wife always calls me Fatty (thus my underground alias 0xfatty). I was a cook for about six years at a Vietnamese restaurant before transitioning into the tech industry. I had the chance to dip my toes into security in late 2018 when I got an internship with a healthcare company, and that’s when my passion for it began.

As someone new to the security field, I love learning from everyone and sharing what I’ve learned along the way. Through this blog, I’d love to share some security research that’s part of my learning journey.

If you’d like to chat, you can find me on Twitter @imspicynoodles (yes, I used to own a Vietnamese spicy noodles restaurant).

Certifications

Throughout my career, I earned a few certs that helped me dive deeper into security and how things work.

As of today, I have: OSCP | OSCE | OSWE | GPEN

CVE

Along my journey, there were some CVEs assigned to my research, below are some that I remember:

2019: CVE-2019-10016 | CVE-2019-10017 | CVE-2019-10105 | CVE-2019-10106 | CVE-2019-10107 | CVE-2019-10674 | CVE-2019-12347 | CVE-2019-12584 | CVE-2019-12585 | CVE-2019-12829 | CVE-2019-10674

2020: CVE-2020-7237 | CVE-2020-7106 | CVE-2020-7058 | CVE-2020-8962 | CVE-2020-14717 | CVE-2020-14716 | CVE-2020-14534 | CVE-2020-13951 | CVE-2020-14857 | CVE-2020-14856 | CVE-2020-14851 | CVE-2020-14850 | CVE-2020-14849 | CVE-2020-14834 | CVE-2020-14833 | CVE-2020-14831 | CVE-2020-14822 | CVE-2020-18921 | CVE-2020-18922 | CVE-2020-18923 | CVE-2020-18924 | CVE-2020-18925 | CVE-2020-18926 | CVE-2020-18927 | CVE-2020-18928 | CVE-2020-18929 | CVE-2020-18930 | CVE-2020-18931 | CVE-2020-18932 | CVE-2020-18933 | CVE-2020-18934 | CVE-2020-18935

2021: CVE-2021-34861 | CVE-2021-27576 | CVE-2021-2026 | CVE-2021-2027 | CVE-2021-28428

2023: CVE-2023-0855 (ZDI-23-555)

2024: CVE-2024-37014 | CVE-2024-46911 | CVE-2024-45719

Hall of Fame

Responsible Disclosure is what we all want to to. With that in mind, I was honored to get my name to a few

Oracle, Google, Microsoft, CERT-EU, Siemens, Department of Defense, F-Secure, Accenture, BMW, Trend Micro, United Nations, Bosch, Harvard, Apple, Facebook, Tenable, Proofpoint, Cigna, Broadcom, Palo Alto