About

Eugene Lim is a security researcher and white hat hacker. He has worked on several bug bounty programs, including Starbucks, Grab, and Salesforce, and was ranked #2 globally out of more than 600,000 hackers on the Hackerone moving leaderboard. In 2019, he won the Most Valuable Hacker award at the H1-213 live hacking event in Los Angeles organized by Hackerone, the US Air Force, the UK Ministry of Defense, and Verizon Media.

He is interested in application security and securing user data through sustainable DevSecOps practices. He is pursuing additional experience in artificial intelligence and quantum computing.

Hackerone | Github | LinkedIn | Twitter

Conferences and Talks

Notable Research

CVE-2021-38646: Remote code execution in Microsoft Office Access Connectivity Engine via write-what-where gadget.
CVE-2021-33035: Remote code execution in Apache OpenOffice via return pointer overwrite with DEP/ASLR bypass.
CVE-2020-7788: Prototype pollution in ini package included in core Node.js installer and downloaded 16 million times a week.

Media

A malicious document could lead to RCE in Apache OpenOffice, Help Net Security
Apache OpenOffice can be hijacked by malicious documents, fix still in beta, The Register
Malicious documents can hijack Apache OpenOffice, TechRadar
AI Wrote Better Phishing Emails Than Humans in a Recent Test, WIRED Magazine
New npm scanning tool sniffs out malicious code, The Daily Swig
SQL injection flaw opened doorway to Starbucks’ accounting database, The Daily Swig
SQL Injection Vulnerability Exposed Starbucks Financial Records, SecurityWeek
Yale graduate earns $11,000 finding bugs by 'hacking' into government systems, The Straits Times
NSF is top hacker in Mindef's programme that gives cash for discovering software bugs, The Straits Times
NSF bug hunter wins big, PIONEER Magazine
Hacking the Singapore Government: A Q&A With A Top Hacker & MINDEF 2.0 Results, HackerOne

Eugene Lim