Saif has a keen interest in exploit development and sharing everything he learns. Over the years he has released several exploitation tutorials, examples and a grammar-based browser fuzzer, wadi (Defcon 23).
He has created a PoC on exploiting MS16-098 RGNOBJ Integer Overflow on Windows 8.1 x64 bit by abusing GDI objects (CVE-2016-3309): https://github.com/sensepost/ms16-098
https://www.defcon.org/html/defcon-25/dc-25-speakers.html#El-Sherei
https://twitter.com/saif_sherei
http://www.elsherei.com/