VirtualBox Vulnerability Research Experience
October 07, 2025In late February 2024, I decided to perform some vulnerability research on VirtualBox. Even though I found two vulnerabilities that I…
Hello! I am Faraz. I'm currently a Lead Security Engineer at Zellic, focusing on L1 blockchain security.
Prior to this, I was a vulnerability researcher in Dataflow Security, focused on Chrome and the Android userland.
I still dabble in vulnerability research in my free time (so far, I've done some work on VirtualBox and the Linux kernel).
You can find my old vulnerability research blog here, but do note that all new blog posts will be on this blog.
Follow me on twitter!
In late February 2024, I decided to perform some vulnerability research on VirtualBox. Even though I found two vulnerabilities that I…
I recently decided to start doing some Linux kernel security research in my free time, with the goal of creating one of my own submissions…
In January 2023, I found and reported two separate bugs to the Cronos Gravity Bridge project on Immunefi. The first bug would allow an…
I wrote this blog post for the Zellic blog. You can find the post here. If you're after a high quality audit, please contact Zellic to set…
I spent a little bit of time on ParadigmCTF 2023. This post will give an in-depth rundown on how I solved two of those challenges: Grains of…
@CertiKAlert tweeted out an alert for a flash loan attack on SportsDAO yesterday (November 21, 2022). I spent ~1.5 hours recreating the…
I was scrolling through the @PeckShieldAlert and @CertiKAlert twitter accounts, looking for a complicated looking price manipulation style…
So.. It's been a long time since I've written anything on this blog. I've been out of touch with the cyber security twitterverse, and have…