Zhongming Yi

QAT kernel driver development, POC delivery of cutting-edge features.

QAT is about accelerating data encryption and compression for applications, from the web to the enterprise, from the cloud to storage, and from content delivery to databases.

• Collaborated with management, internal and development partners regarding software application design status and project progress.
• Updated encryption and decryption driver code to support the latest protocol TLS 1.3, involving HKDF process and hardware interaction.
• Fixed PSIRT bug.(PSIRT was found by someone outside the company , and always cause the crash or 0day).
• Fixed bugs of Encrypt\Decrypt(RSA,ECDH,ECDSA) in driver code.
• Repaired bugs caused by undocumented Windows functions by reverse engineering, primarily by analyzing the execution flow of undocumented functions within "ntoskrnl.exe" to determine the root cause.
• Improve application security maturity at scale by designing, implementing, and building security solutions

Developing kernel driver code for new requirements, reverse-engineering kernel layers and application software of other products to analyze their logic, thereby safeguarding our own driver.

• Implemented protection code for product files using the Minifilter file filtering driver framework, preventing malicious programs from deletion.
• Developed a process callback driver to safeguard product process files, preventing malicious programs from forcibly terminating them.
• Implemented anti-debugging and anti-virtual machine protections to the core code to prevent reverse engineering of the product by competitors.
• Improve application security maturity at scale by designing, implementing, and building security solutions

Responsible for developing antivirus software as well as crafting virus software for testing purposes.

• Developed numerous undetectable test virus cases that can bypass mainstream antivirus software on the market, such as Windows Defender, 360 Total Security, Kaspersky, Norton, and Symantec.
• Reverse-engineered virus and Trojan samples found online, familiar with common anti-debugging techniques, and proficient in conventional reverse engineering methods.
• Developed a virus scanning tool that detects and intercepts virus behavior through signature analysis, behavior analysis, etc. Proficient in common evasion techniques and popular virus and Trojan disguises.

Developed and maintained decentralized remote control software, while also analyzing prevalent Trojan viruses and documenting their characteristics and features.