Zichuan Li 李子川
lizic AT iu DOT edu
OR zichuan DOT li AT outlook DOT com
Welcome! I am a 2nd-year Computer Science Ph.D. student at Indiana University Bloomington, advised by Prof. Luyi Xing. Previously, I received my B.Eng. and M.Eng. degree(advised by Prof. Guojun Peng ) from Wuhan University in 2020 and 2023, respectively. In general, my research area is system and software security. I mainly focus on vulnerability discovery and exploitation, with a broad interest in machine learning security and program analysis techniques. I have done a lot of hacking on IoT devices. Recently, I am learning programming languages and deep learning :) |
[2024-08-23] Spent a wonderful summer with Binja folks! Check out our blog on Binja's UEFI plugin! [2024-05-14] Phoenix acknowledged my report and published a vulnerability fix [link] [2024-04-11] Accepted an offer from Vector 35, and will be working in beautiful Florida this summer! [2023-10-11] Lenovo fixed 16 vulnerabilities I reported. [link] [2023-08-14] Asus acknowledged my name on their product hall of fame :) [link] [2023-08-08] Lenovo patched the vulnerabilities I reported early this year. [link]
2024.05 ~ 2024.08
Vector35 Inc.
Summer Intern
Built and imporved UEFI plugin for Binary Ninja. Advanced UEFI Analysis with Binary Ninja, The Fallback Type Library |
|
2022.06 ~ 2022.08
OPPO Telecom.
Summer Intern
Researched on Android clipboard privacy protection method. |
[5] Research on Firmware Vulnerability Discovery Technology Based on Reaching Definition Analysis Runyuan Mei, Yanhao Wang, Zichuan Li, Guojun Peng Journal of Cyber Security, (Accepted)
[4] A Survey on the Evolution of Bootkits Attack and Defense Techniques [pdf] Yilin Zhou, Guojun Peng, Zichuan Li, Side Liu China Communication, 2024, Vol. 21, Issue: (1): 102-130
[3] A Unicorn-Based UEFI DXE Driver Emulation Method [pdf] Fangtao Cao, Jianming Fu, Zichuan Li Journal of Wuhan University (Natural Science Edition), 2023, 69(6): 690-698
[2] EN-Bypass: a security assessment method on e-mail user interface notification [pdf] Jingyi Yuan, Zichuan Li, Guojun Peng Chinese Journal of Network and Information Security, 2023, 9(3): 90-101
[1] Research on entity recognition and alignment of APT attack based on Bert and BiLSTM-CRF [pdf] Xiuzhang Yang, Guojun Peng, Zichuan Li, Yangqi Lv, Side Liu, Chenguang Li Journal on Communications, 2022, Vol. 43 Issue (6)
Acer: CVE-2022-30426, CVE-2022-41415, CVE-2022-40080
Asus: Product Security Hall of Fame, July 2023
Lenovo: CVE-2022-48181, CVE-2022-48188, CVE-2023-34419, CVE-2023-4028, CVE-2023-4029, CVE-2023-43577, CVE-2023-43578, CVE-2023-43579, CVE-2023-43580, CVE-2023-43581, CVE-2023-43575, CVE-2023-43576, CVE-2023-43571, CVE-2023-43572, CVE-2023-43573, CVE-2023-43574, CVE-2023-43567, CVE-2023-43568, CVE-2023-43569, CVE-2023-43570, CVE-2023-5075
Netgear: CVE-2022-30079, CVE-2022-30078
Phoenix: CVE-2024-1598
05/2023, Outstanding Graduate Student, Wuhan University. 12/2022, 7th at Datacon Data Security Analytics Competition: IoT security Track. ($700) 09/2022, 1st rank scholarship for graduate students at Wuhan University. ($600) 12/2021, 1st at Datacon Data Security Analytics Competition: Email Security Track. ($7000) 09/2021, 1st rank scholarship for graduate students at Wuhan University. ($600) 05/2021, 1st rank scholarship for research excellent at Wuhan University 11/2020, 3rd Prize at Coremail Email Security Competition. ($1500) 09/2019, 3rd Prize at Chinese Information Hiding Competition.
Reviewer Transactions on Information Forensics & Security (TIFS), 2023, 2024
Sub-reviewer IEEE Symposium on Security and Privacy (S&P), 2024 Proceedings on Privacy Enhancing Technologies Symposium (PETS), 2024 Workshop on Secure and Trustworthy Superapps (SaTS), 2023, 2024 Mobile Networks and Applications, 2021 Journal of Cybersecurity, 2021
Teaching experience
AT IU INFO-I 433 Secure Protocol, Indiana University Bloomington, Teaching Assistant, 2024 Spring
AT WHU Software Security, Wuhan University, Teaching Assistant, 2020 Fall Software Security, Online Mooc, Teaching Assistant, 2021 Spring
Organizing Committee 9th XDef Network and Information Security Protection Summit 8th XDef Network and Information Security Protection Summit