肖政杭 (Zhenghang Xiao)

Master's student (enrolled 2023), Network and Information Security Lab, Tsinghua University
FIT Building, Tsinghua University
[email protected] / [email protected]

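Education

  • M.Eng. (Cyberspace Security), Tsinghua University, 2023 – 2026
  • B.Eng. (Information Security), Hunan University, 2019 – 2023

Research Interests

  • Browser security; binary vulnerability discovery and exploitation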
  • LLM for Security
  • Web3 / Blockchain Security

Academic Papers

  1. [USENIX Security ’23] KextFuzz: Fuzzing macOS Kernel EXTensions on Apple Silicon via Exploiting Mitigations.
    Tingting Yin, Zicong Gao, Zhenghang Xiao, Zheyu Ma, Min Zheng, Chao Zhang.
    In USENIX Security Symposium, 2023.

  2. [IEEE TDSC] KextFuzz: A Practical Fuzzer for macOS Kernel EXTensions on Apple Silicon.
    Tingting Yin, Zicong Gao, Zhenghang Xiao, Zheyu Ma, Min Zheng, Chao Zhang.
    In IEEE Transactions on Dependable and Secure Computing.

  3. [SecureComm ’23] Discovering and Understanding the Security Flaws of Authentication and Authorization in IoT Cloud APIs for Smart Home.
    Minglei Guo, Zhenghang Xiao, Xin Liu, Jianwei Zhuge.
    In SecureComm 2023.

  4. [Findings of ACL ’23] Not The End of Story: An Evaluation of ChatGPT-Driven Vulnerability Description Mappings.
    Xin Liu, Yuan Tan, Zhenghang Xiao, Jianwei Zhuge, Rui Zhou.
    In Findings of ACL 2023.

Industry Conferences

  • [Black Hat USA 2023 Briefing] The Hat Trick: Exploit Chrome Twice from Runtime to JIT
  • [Zer0Con 2024] Attacking Chrome from Runtime to JIT Once Again
  • [Black Hat USA 2024 Briefing] Super Hat Trick: Exploit Chrome and Firefox Four Times
  • [Black Hat Asia 2025 Briefing] Bridging the Gap: Type Confusion and Boundary Vulnerabilities Between WebAssembly and JavaScript in V8

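Technical Honors

  • Google Chrome VRP annual leaderboard Top Researcher (#3 in 2023, #7 in 2024)
  • OpenHarmony community "Individual with Outstanding Contribution to Vulnerability Discovery" (2024)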