whoami

I'm Kamdin Bembry, pursuing an independent study in 'Computer Security Engineering and Research' at Rochester Institute of Technology. I specialize in vulnerability research and security engineering.

About Me

I'm interested in understanding core systems functionality and leveraging that for exploitation. My research focuses on:

  • Compiler Security: LLVM codegen, optimization mechanisms, and MCA
  • Browser Exploitation: V8 JS engine research and exploitation
  • Kernel & OS Security: Custom operating systems for fuzzing
  • Microarchitecture: cache optimization and branch predictors
  • Penetration Testing: Security assessments and hacking

Education

  • Rochester Institute of Technology
    • Independent Study in 'Computer Security Engineering and Research'

Work Experience

  • Browser Security Researcher @ Dataflow Security (May 2026 – Present)
    • Performing vulnerability research on browser engines, identifying, analyzing, and exploiting security flaws
    • Leading R&D projects for tooling to support efficient bug discovery and analysis
  • Security Researcher @ Zellic (Jan 2026 – Present)
    • Led VRIG research extending Google's JavaScript fuzzer Fuzzilli with V8-derived feedback heuristics tracking JIT optimization and hidden map states
    • Built a dockerized fuzzing network with batched PostgreSQL synchronization and multi-agent tooling; ran a 600 vCPU campaign across 3 servers for three weeks
  • Red Teamer @ Gray Swan (Jan 2026 – Present)
    • Performed black box security assessments on frontier large language models to identify vulnerabilities and share threat intelligence with frontier labs
  • Penetration Tester @ Coalfire (May 2025 – Aug 2025)
    • Performed security audits across client engagements to proactively identify security flaws
    • Contributed to a security assessment on AI-integrated IDEs targeting vulnerabilities in AI components
    • Collaborated with clients to present findings and consult on remediation strategies

Research & Projects

  • VRIG Co-Lead (Aug 2024 – Present)
    • Co-lead student security research group specializing in low-level exploitation, vulnerability analysis, and reverse engineering
    • Led projects on custom OS development, heap exploitation, custom allocator development, and JavaScript browser engine research
  • AI Integrated IDE Security Assessment (June 2025 – Aug 2025)
    • Conducted security assessment of AI-integrated IDEs, discovering vulnerabilities including arbitrary file exfiltration, arbitrary code execution, and dozens of successful prompt injections
  • V8 Quarterly Quiz (Feb 2025 – June 2025)
    • Completed pwn.college V8 Quarterly Quiz (Username: ziarashid)
    • Explored V8 compiler architecture, Turbofan's sea of nodes, feedback vectors, and V8 sandbox internals
  • Compiler & Browser Research (Nov 2024 – Present)
    • Implemented custom programming language with LLVM backend; studied LLVM IR creation and optimization mechanisms
    • Experimented with JavaScript's V8 engine for exploitation research
  • Kernel and OS for Fuzzing & Vulnerability Research (Aug 2024 – Dec 2024)
    • Built minimalistic operating system and custom kernel for fuzz testing with LibAFL's QEMU mode
    • Focused on hypervisor security and guest-to-host escape detection

CTF Competitions

Member of Squid Proxy Lovers and SDCL

Competition Team Rank
Google CTF 2025 Squid Proxy Lovers 3rd Place
Plaid CTF 2025 Squid Proxy Lovers 2nd Place
DEF CON Finals 2025 SuperDiceCode 3rd Place
DEF CON Quals 2025 SuperDiceCodeLovers 1st Place
CSAW Finals 2025 Squid Proxy Lovers 1st Place

Skills

  • Languages & Architectures: C++, Golang, LLVM IR, Python, JavaScript, Swift, x86_64, MIPS, ARM
  • Tools: LLVM-mca, Z3, CodeQL, AFL++, pwntools, Flamegraph, IDA, BurpSuite, pwndbg
  • Security Research: Vulnerability research, penetration testing, reverse engineering, fuzzing
  • Compiler Security: LLVM optimizations, instruction selection, Machine Code Analysis
  • Browser Exploitation: V8 engine internals, sandbox bypass techniques, JavaScript exploitation

Personal Interests

In my free time I enjoy learning Japanese & Korean, backpacking the world, snowboarding, wrestling & Brazilian Jiu-Jitsu, hacky sacking, archery, spirited driving, and reading novels.

This website showcases my research, projects, and experiences. Feel free to contact me on discord @ziarashid.