Hi! I’m Taha. I study computer science at Carnegie Mellon and focus on computer security.
Previously, I reported vulnerabilities to Apple, Nvidia, BBC, Department of Defense, Stanford, and AT&T.
I learned a lot of what I know by playing CTFs and reverse-engineering systems to manipulate them. I’m very interested in building robust fuzzers with the best oracles possible. Writing good oracles is the only way the false positive rates approach 0, and I recently figured out they can be useful as reward functions too (more).
I’m part of PPP, CMU’s hacking team. I mostly play web and embedded systems security. My favorite CTF was MITRE’s Embedded CTF, an intense 5-month cybersecurity competition where teams design and submit an embedded system, and then analyze and attack other teams’ designs with the goal of having the most impenetrable system.
Outside of work, I watch films and write about them. I’ve started posting short reviews on Letterboxd. I also play chess. I tilt into bullet too often, so my bullet rating is about 800 points lower than my blitz.
Before moving to the U.S. for CMU, I took a gap year after high school and traveled alone across Europe. I visited 14 countries, lived out of a backpack. I wrote most of my code on trains and missed more than a few stops while debugging.
My favorite book is Earthsea by Le Guin. I hate Studio Ghibli’s adaptation of it.
In November, I’m learning about TurboFan (intro) and distributed systems.