Hi! I’m Taha. I study computer science at Carnegie Mellon and focus on computer security.

Previously, I reported vulnerabilities to Apple, Nvidia, BBC, Department of Defense, Stanford, and AT&T.

I learned most of what I know from CTFs and reverse-engineering. I’m interested in building robust fuzzers with the best oracles possible. Writing good oracles is the only way the false positive rates become 0, and they can be useful as reward functions too.

I’m a member of PPP, CMU’s hacking team, where I focus on web and embedded systems. My favorite CTF is MITRE’s Embedded CTF, a five-month challenge where teams design an embedded system and then attack others’ designs to build the most secure one.

Outside of work, I watch films and write about them. I’ve started posting short reviews on Letterboxd. I also play chess. I tilt into bullet too often, so my bullet rating is about 800 points lower than my blitz.

Before moving to the U.S. for CMU, I took a gap year after high school and traveled solo across Europe. I visited 14 countries and lived out of a backpack. I wrote most of my code on trains and missed many stops while debugging.

I’m currently learning about TurboFan and distributed systems.

Feel free to reach out on Signal. or LinkedIn.