
Welcome to my personal website, where I post random things and thoughts.

I'm a Security Engineer at BShield and Verichains. Before that, I was a member of Efiens under the name luibo.

My specialties are in computer security: memory forensics, binary analysis, program analysis, and compilers. My interest in computer systems is programming languages. I am looking for opportunities in type theory, operational semantics, and formal methods.

My Github is nganhkhoa. But I also maintain my personal git at git.nganhkhoa.com.

You can find out more about me in my CV.
I often write blogs, most of them are based on my research knowledge. You can find my blogs here.
I also wrote a series about Mach-O binary format. You can find it here.
I am a Vietnamese polyglot, fluent in English, conversational in Japanese, and a beginner in Mandarin and Korean.

"I use (neo)Vim and Arch, btw" - probably me. This site is written using elm-pages.

My Projects

(2023) TSShock

At Verichains, our team discovered multiple weaknesses in most implementations of the Threshold ECDSA Signature Scheme following the work of Gennaro and Goldfeder. As a result, we presented our findings at Black Hat USA 2023 and Hack In The Box Phuket 2023 in a talk titled "TSSHOCK: Breaking MPC Wallets and Digital Custodians for $BILLION$ Profit".

(2023) Audited Vietnam Citizen Card

Performed auditing of the protocol and the chip-based Citizen Card of Vietnam. Simulation of NFC protocols conforming to ICAO 9303. Found several vulnerabilities in applications verifying the authenticity of these cards. Government applications and devices were also audited. The foundation research for the development of BShield Secure-ID.

(2019 - 2023) Mach-O binary format analysis and obfuscation

Research into the Mach-O binary format, which is used in Apple devices. Proposed obfuscation for the Mach-O binary. Familiar with tools for pentesting iOS applications.

(2021-2022) LLVM based Obfuscation

Built an LLVM-based obfuscation compiler. Extended Obfuscator-LLVM with Mixed Boolean-Arithmetic as well as many other obfuscation passes. Fully updated to LLVM 14 with support for both the new and legacy pass managers. A CTF challenge obfuscated using our obfuscator was released in TetCTF 2022.

(2019-2023) Windows Live Memory Forensics

Research into Windows Forensics. Learned techniques used in Memory Forensics and familiar with tools like Volatility. Developed a new method for Live Forensics using Memory Forensics without Memory Extraction. A prototype is implemented, capable of inspecting the kernel global variables, structures, and performing Pool Tag Quick Scanning. This prototype was updated in 2023 to also detect injected code in processes for detection of DLL Injection, Reflective DLL Injection, Process Hollowing, and similar malware techniques.


Publications

Most of my publications are drafts and not reviewed papers, because I am not in an academic environment and do not know how to publish.

New Key Extraction Attacks on Threshold ECDSA Implementations. Duy Hieu Nguyen, Anh Khoa Nguyen, Huu Giap Nguyen, Thanh Nguyen, Anh Quynh Nguyen. August 2023.
[website] [whitepaper] [HITB Recordings]

Obfuscate API calls in Mach-O Binary. Anh Khoa Nguyen. Expecting 2024.
[preprint]

Live Memory Forensics Without RAM Extraction. Anh Khoa Nguyen, Dung Vo Van Tien. Expecting 2024.
[preprint]

Dissertations

After I graduated, I often advise undergraduate students on their dissertations. The list below contains my dissertation and dissertations I advised.

Windows Memory Forensics: Finding hidden processes in a running machine.
Author: Anh Khoa Nguyen.
Advisors: An Khuong Nguyen, Le Thanh Nguyen, Quoc Bao Nguyen.
Year: 2020
[pdf]

Windows Memory Forensics: Detecting hidden injected code in a process.
Author: Vo Van Tien Dung.
Advisors: An Khuong Nguyen, Anh Khoa Nguyen.
Year: 2023
[pdf]