Profile picture

Hello! I am Faraz. I'm currently a Lead Security Engineer at Zellic, focusing on L1 blockchain security.

Prior to this, I was a vulnerability researcher in Dataflow Security, focused on Chrome and the Android userland.

I still dabble in vulnerability research in my free time (so far, I've done some work on VirtualBox and the Linux kernel).

You can find my old vulnerability research blog here, but do note that all new blog posts will be on this blog.

Follow me on twitter!

  1. December 11, 2023

    In January 2023, I found and reported two separate bugs to the Cronos Gravity Bridge project on Immunefi. The first bug would allow an…

  2. October 30, 2023

    I spent a little bit of time on ParadigmCTF 2023. This post will give an in-depth rundown on how I solved two of those challenges: Grains of…

  3. November 21, 2022

    @CertiKAlert tweeted out an alert for a flash loan attack on SportsDAO yesterday (November 21, 2022). I spent ~1.5 hours recreating the…

  4. November 14, 2022

    So.. It's been a long time since I've written anything on this blog. I've been out of touch with the cyber security twitterverse, and have…