Welcome! I am a 2nd-year Computer Science Ph.D. student at Indiana University Bloomington, advised by Prof. Luyi Xing. Previously, I received my B.Eng. and M.Eng. degree(advised by Prof. Guojun Peng ) from Wuhan University in 2020 and 2023, respectively. In general, my research area is system and software security. I mainly focus on vulnerability discovery and exploitation, with a broad interest in machine learning security and program analysis techniques. I have done a lot of hacking on IoT devices. Recently, I am learning programming languages and deep learning :)

News

[2024-08-23] Spent a wonderful summer with Binja folks! Check out our blog on Binja's UEFI plugin! [2024-05-14] Phoenix acknowledged my report and published a vulnerability fix [link] [2024-04-11] Accepted an offer from Vector 35, and will be working in beautiful Florida this summer! [2023-10-11] Lenovo fixed 16 vulnerabilities I reported. [link] [2023-08-14] Asus acknowledged my name on their product hall of fame :) [link] [2023-08-08] Lenovo patched the vulnerabilities I reported early this year. [link] [2023-08-02] Arrived in the USA! Starting a new journey! [2023-06-20] Received first class Graduate Outstanding Scholarship, awarded for 4,000¥. [2023-05-24] I am awarded as an Outstanding Graduate Student from WHU. [2023-05-20] Successfully defended my master thesis! Thanks to all my professors! Cheers! [2023-01-30] One paper was accepted to China Communication. [2022-12-21] Found three more vulnerabilities in UEFI, and reported to vendors! [2022-12-19] We, the 10TG team, got 7th at Datacon 2022 IoT Security Track and 5,000¥ prizes. [press] [2022-09-21] Got first-class scholarship for Graduate students, awarded for 4,000¥. [2022-02-17] I am nominated as an annual oustanding member(ranked 1st, my ID: 呆毛王与咖喱棒) in 52pojie(the biggest security forum in China). [link] [2021-11-09] We, the 10TG team, got 1st at Datacon 2021 Email Security Track and 50,000¥ prizes. [press]

Show More

Industry Experience

2024.05 ~ 2024.08 Vector35 Inc. Summer Intern Built and imporved UEFI plugin for Binary Ninja. Advanced UEFI Analysis with Binary Ninja, The Fallback Type Library
2022.06 ~ 2022.08 OPPO Telecom. Summer Intern Researched on Android clipboard privacy protection method.

Publications

[5] Research on Firmware Vulnerability Discovery Technology Based on Reaching Definition Analysis Runyuan Mei, Yanhao Wang, Zichuan Li, Guojun Peng Journal of Cyber Security, (Accepted)

[4] A Survey on the Evolution of Bootkits Attack and Defense Techniques [pdf] Yilin Zhou, Guojun Peng, Zichuan Li, Side Liu China Communication, 2024, Vol. 21, Issue: (1): 102-130

[3] A Unicorn-Based UEFI DXE Driver Emulation Method [pdf] Fangtao Cao, Jianming Fu, Zichuan Li Journal of Wuhan University (Natural Science Edition), 2023, 69(6): 690-698

[2] EN-Bypass: a security assessment method on e-mail user interface notification [pdf] Jingyi Yuan, Zichuan Li, Guojun Peng Chinese Journal of Network and Information Security, 2023, 9(3): 90-101

[1] Research on entity recognition and alignment of APT attack based on Bert and BiLSTM-CRF [pdf] Xiuzhang Yang, Guojun Peng, Zichuan Li, Yangqi Lv, Side Liu, Chenguang Li Journal on Communications, 2022, Vol. 43 Issue (6)

Vulnerability Credits

• Acer: CVE-2022-30426, CVE-2022-41415, CVE-2022-40080

• Asus: Product Security Hall of Fame, July 2023

• Lenovo: CVE-2022-48181, CVE-2022-48188, CVE-2023-34419, CVE-2023-4028, CVE-2023-4029, CVE-2023-43577, CVE-2023-43578, CVE-2023-43579, CVE-2023-43580, CVE-2023-43581, CVE-2023-43575, CVE-2023-43576, CVE-2023-43571, CVE-2023-43572, CVE-2023-43573, CVE-2023-43574, CVE-2023-43567, CVE-2023-43568, CVE-2023-43569, CVE-2023-43570, CVE-2023-5075

• Netgear: CVE-2022-30079, CVE-2022-30078

• Phoenix: CVE-2024-1598

Honors & Awards

05/2023, Outstanding Graduate Student, Wuhan University. 12/2022, 7th at Datacon Data Security Analytics Competition: IoT security Track. ($700) 09/2022, 1st rank scholarship for graduate students at Wuhan University. ($600) 12/2021, 1st at Datacon Data Security Analytics Competition: Email Security Track. ($7000) 09/2021, 1st rank scholarship for graduate students at Wuhan University. ($600) 05/2021, 1st rank scholarship for research excellent at Wuhan University 11/2020, 3rd Prize at Coremail Email Security Competition. ($1500) 09/2019, 3rd Prize at Chinese Information Hiding Competition.

Teaching & Services

• Reviewer Transactions on Information Forensics & Security (TIFS), 2023, 2024

• Sub-reviewer IEEE Symposium on Security and Privacy (S&P), 2024 Proceedings on Privacy Enhancing Technologies Symposium (PETS), 2024 Workshop on Secure and Trustworthy Superapps (SaTS), 2023, 2024 Mobile Networks and Applications, 2021 Journal of Cybersecurity, 2021

• Teaching experience

  • AT IU INFO-I 433 Secure Protocol, Indiana University Bloomington, Teaching Assistant, 2024 Spring

  • AT WHU Software Security, Wuhan University, Teaching Assistant, 2020 Fall Software Security, Online Mooc, Teaching Assistant, 2021 Spring

• Organizing Committee 9th XDef Network and Information Security Protection Summit 8th XDef Network and Information Security Protection Summit