Semarang, tekkom.ft.undip.ac.id –
Muhammad Alifa Ramdhan, an alumnus of the Department of Computer Engineering at Diponegoro University, has once again achieved an impressive international accomplishment. The 2023 graduate, who is now building his career at Star Labs Singapore, and his team won a top prize at the prestigious Pwn2Own Berlin 2025 competition. At the company, Alifa focuses on Vulnerability Research and Binary Exploitation, researching and exploiting software and system vulnerabilities with a particular emphasis on Linux and Android kernel security.
Alifa’s interest in computer systems and operating systems began during his school years. His strong curiosity motivated him to study cybersecurity diligently, participate in various Capture The Flag (CTF) competitions, and write blog posts in his spare time. He shared that courses such as C/C++ programming and Assembly at Undip’s Computer Engineering program played a crucial role in sharpening his skills in binary exploitation. According to him, understanding how operating systems work is a fundamental foundation for exploring cybersecurity in depth.
Drawing from his experience in Vulnerability Research, Alifa also shared his thoughts on current trends in the cybersecurity world. He highlighted how Artificial Intelligence (AI) is increasingly being used in cybersecurity auditing processes, including web security, penetration testing, bug hunting, and vulnerability research. “Many large companies and even new startups are now popularizing the use of AI for system security,” he said.
At Pwn2Own Berlin 2025, the company Alifa represents secured first place after earning the highest total points. One of the contributions to this victory came from Alifa’s entry, the Docker Desktop Escape. He and his team discovered a use-after-free (UAF) bug in the Linux Kernel, then performed a series of steps ranging from kernel heap grooming to achieving kernel memory read-write capabilities. What made the process particularly notable was that they found the zero-day bug and successfully built the exploit in a relatively short time, completing it in about two weeks during the three months leading up to the competition. “So when the contest started, we simply had to run the exploit we had prepared,” he explained. Alifa added that for anyone interested in exploring similar topics, studying Linux Kernel Exploitation through CTFs or publicly available kernel exploitation write-ups can be very helpful.
To current Computer Engineering students at Undip, Alifa encouraged them to keep exploring their interests, pursue independent learning, and actively build connections through competitions and communities. He hopes more students will take on national and international competitions, especially in the field of cybersecurity. “Competitions help us learn more, meet friends from other universities, and motivate ourselves,” he said. He also expressed his hope that the university will continue supporting active and high-achieving students through facilities, guidance, and recognition so that more achievements can emerge from the Department of Computer Engineering at Undip.