Jimmy Mi

Profile

  • Threat-Informed Security Engineer with 6+ years of R&D experience in offensive security, malware analysis, and Linux internals.
  • Proven track record in applying an offensive mindset to engineer robust, next-generation defensive solutions.
  • Creator of open-source Command & Control (C2) frameworks used globally; passionate about building innovative solutions to complex security challenges at enterprise scale.

Technical Expertise

  • Programming: Go, Python, C, Bash, PowerShell.
  • Offensive R&D: C2 design, evasion techniques, malware development, Linux internals, process injection, eBPF, ptrace, syscalls.
  • Detection & IR: Threat hunting, malware reverse engineering, incident response, network analysis, eBPF-based kernel monitoring.
  • Cloud & Infra: AWS (High Distinction in coursework), Kubernetes (K8s) security concepts, Docker, Linux namespaces/cgroups, network protocols.

Professional Experience

Senior Security Researcher at Beijing Topsec Network Security Technology Co Ltd

From Oct 2018 to Feb 2024 (Beijing)

  • Led security R&D, resulting in multiple registered patents for innovative malware detection and evasion techniques.
  • Engineered a detection solution for boot-time malware that evaded standard tools. Created a script using eBPF (tcpconnect.py) to hook kernel-level network activity, successfully identifying the malicious file on boot.
  • Performed malware reverse engineering on the captured binary; used gdb to inspect the process and extract its encrypted runtime configuration from memory, confirming C2 infrastructure.
  • Led incident response for a lateral movement attack; identified adversary TTPs (PowerShell log erasure) and correctly analysed the event as part of a larger, existing C2 compromise, preventing a full-scale breach.

Security Engineer (internship) at Qingteng Cloud Security Ltd

From Feb 2018 to Sep 2018 (Beijing)

  • Supported enterprise-level cybersecurity operations, threat analysis, and vulnerability assessment protocols.

Academic Qualifications

  • Feb 2024 - Dec 2025: Monash University (Clayton, Australia) - Master of Cyber Security, Research
  • Overall WAM: 80 (High Distinction). Achieved HDs in: Cloud Computing (AWS), Software Security, Network Security, Cryptography, and Python.
  • Thesis: Adversarial QUIC C2 Camouflage Against ML-Based IDS. Successfully evaded ML classifiers even when trained on the camouflaged traffic.
  • Invited by thesis supervisor, Dr Xiaoning Du, to serve as a tutor for the Software Security unit based on academic performance.
  • Developed a full-mark, end-to-end encrypted messaging app (Cryptography unit) implementing dynamic session keys for Perfect Forward Secrecy.
  • Feb 2021 - Oct 2021: Arizona State University (Online) - Master of Computer Science, GPA: 4.0/4.0
  • Achieved A+ in Binary Exploitation (ret2system), Blockchain Engineering, Cryptography
  • Sep 2014 - Jul 2018: Zhengzhou University (Zhengzhou, China) - Bachelor of Engineering in Electronic Information Engineering

Security R&D, Projects

emp3r0r (1,600+ GitHub stars)

Link: https://github.com/jm33-m0/emp3r0r Date: 2019 - Present

Comprehensive Linux/Windows C2 framework in Go. Features advanced C2 channels (HTTP/2, QUIC, Tor, CDN), ptrace-based credential harvesting, PTY-compliant shell, and extensive module ecosystem.

SSH-Harvester (375+ GitHub stars)

Link: https://github.com/jm33-m0/SSH-Harvester Date: 2023

Advanced OpenSSH password harvester leveraging Go-based ptrace debugging capabilities for real-time credential interception.

Malware Analysis Tooling - win-sandbox-init (146+ GitHub stars)

Date: 2024 - Present

Developed PowerShell scripts to automate the deployment of a full malware analysis environment in a Windows Sandbox VM in under 2 minutes.

Additional Projects

Date: 2019 - Present

Creator of go-cdn2proxy (CDN-based C2 transport), win10-mouse-natural-scroll, and go-lpe (Pure Go implementation of various local privilege escalation exploits).

Publications & Patents

  • CVE-2019-13272: Analysis of LPE via PTRACE_TRACEME. https://www.anquanke.com/post/id/223999
  • CVE-2018-18955: LPE for newer Linux kernels. https://jm33.me/cve-2018-18955-a-handy-lpe-for-newer-linux-kernels.html
  • Patent CN117201072B: Real-time OpenSSH credential harvesting system via process injection.
  • Patent CN116775147B: Advanced ELF object injection into active process memory.
  • Patent CN116016638A: TLS-based C2 traffic obfuscation system.
  • Patent CN113810427B: Automatic proxy chain implementation for C2.
  • Patent CN114629889B: SSH-encapsulated remote shell implementation.
  • Patent CN115334133A: Fully PTY-compliant remote shell for Windows.
  • Patent CN116016479A: Kernel module architecture for authenticating C2 traffic.