Hi, I'm Aaron (Seongjoon) Cho, an offensive security researcher based in South Korea. I work on browser vulnerability research at SSD Secure Disclosure, currently focused on the V8 JavaScript engine.

I started this blog to document and share what I learn. If you've ever gone looking for material on browser vulnerability research and exploitation, you've probably noticed how little is out there — I hope these notes help fill some of that gap. They are also notes from my own learning, so I'll get things wrong from time to time. If you spot something off, or just want to share thoughts, please reach out — I'd love to hear from you.