
Published: 2016/7/12 6:20:35

Wu Shi of Tencent Keen Lab: a top student who failed a course, and once chatted at ease with Microsoft - Wu Shi, Tencent, Keen Lab - IT News

In early July, the Tencent Security Joint Lab was formally established in Shenzhen. It is the first matrix of internet security labs in China and comprises seven labs: the Anti-Virus Lab, Anti-Fraud Lab, Mobile Security Lab, Keen Lab, Xuanwu Lab, Zhanlu Lab and Yunding Lab. The labs will focus on security technology research and on building attack-and-defense systems.

Keen Lab (Keen Team) is an information security research team made up of Chinese "white hat" security experts who are among the global leaders in information security theory and technology research. It is one of the professional security teams worldwide with the largest number of vendor-confirmed vulnerability discoveries and the deepest understanding of how modern security protections are broken. Hundreds of Keen Team's security results have been applied to every Windows PC, every Apple device and every Android device in the world.

Keen Lab's chief scientist, Wu Shi, is a legendary figure. He won the ZDI global vulnerability mining Platinum contribution award three years in a row, was the first Chinese person to be nominated for the Pwnies, the world's top Black Hat award, and was described by Forbes magazine as having "discovered more than twice as many vulnerabilities as Apple's entire security team".

Recently, in a media interview, this master of the network security world shared many little-known stories about himself.

Wu Shi said that he was a top student from childhood, with a particularly strong interest in mathematics, so he entered the Department of Mathematics at Fudan University full of confidence. At university, however, many of his classmates were mathematical talents and his own results did not stand out, which was a heavy blow to him. Then a computer game called MUD changed the course of his life.

In 1996, Wu Shi became obsessed with "MUD", a long-established, purely text-based game. Not content with playing the game normally, he had a mischievous idea. He worked out a method to hack into the game's server and successfully modified his own game data. This vulnerability brought him great joy and, to some extent, computers began to take the place of mathematics in his life. Throughout his junior year, Wu Shi put all his energy into working at a software company, to the point that he attended almost no classes; failing one subject in the exams was the price he paid.

Although the price was heavy, Wu Shi was set on this path. After graduation he worked in software development while continuing to study vulnerability mining in his spare time. Before long he found a major vulnerability in popular IM software: simply sending a message to the other party's QQ or Wangwang account was enough to gain privileges on their computer and take control of it. Tencent and Alibaba soon fixed the vulnerability, and Wu Shi received acknowledgements from both.

In this way, Wu Shi carried on as a "Lei Feng-style" white hat. But after one vulnerability submission to Microsoft, he not only received Microsoft's acknowledgement but was also approached by the well-known vulnerability team ZDI. ZDI said: "Vulnerabilities of this quality should come to us, and we will pay you."

Because similar teams in China often deceived people this way, Wu Shi was skeptical when he submitted another vulnerability to them. After an anxious month of waiting, more than 3,000 US dollars appeared in his account. From then on, Wu Shi took the road of the vulnerability bounty hunter.

Later, Wu Shi built his own vulnerability detection system, which greatly increased his efficiency in finding vulnerabilities. After he had sold dozens of vulnerabilities in a row, Microsoft's own security team was shocked, because the number of vulnerabilities he submitted alone almost exceeded that of their entire team. In 2007, Microsoft approached Wu Shi and invited him to join.

Wu Shi's working arrangement was as follows: he never went to Microsoft China or to Microsoft in the United States, and once a year his department head flew from the United States to visit him at home. His annual workload of more than 20 usable vulnerabilities took him about one month in total to complete. He used the remaining time to keep improving his vulnerability mining system, read books and watch movies. Along the way, he used the money to buy an apartment.

Later still, Wu Shi joined Keen Lab and became its chief scientist. Keen Lab is now part of Tencent and is one of the labs of the Tencent Security Joint Lab.







