Zhenghang Xiao (肖政杭)

Experience

• M.S., Cyberspace Security, Tsinghua University, 2023–2026.
• B.S., Information Security, Hunan University, 2019–2023.

Research Interests

• Browser security; binary vulnerability discovery & exploitation
• LLM for Security
• Web3 / Blockchain security

Conferences & Journals

1. [USENIX Security ’23] KextFuzz: Fuzzing macOS Kernel EXTensions on Apple Silicon via Exploiting Mitigations.
   Tingting Yin, Zicong Gao, Zhenghang Xiao, Zheyu Ma, Min Zheng, Chao Zhang.
   In USENIX Security Symposium, 2023.

2. [IEEE TDSC] KextFuzz: A Practical Fuzzer for macOS Kernel EXTensions on Apple Silicon.
   Tingting Yin, Zicong Gao, Zhenghang Xiao, Zheyu Ma, Min Zheng, Chao Zhang.
   In IEEE Transactions on Dependable and Secure Computing.

3. [SecureComm ’23] Discovering and Understanding the Security Flaws of Authentication and Authorization in IoT Cloud APIs for Smart Home.
   Minglei Guo, Zhenghang Xiao, Xin Liu, Jianwei Zhuge.
   In SecureComm 2023.

4. [Findings of ACL ’23] Not The End of Story: An Evaluation of ChatGPT-Driven Vulnerability Description Mappings.
   Xin Liu, Yuan Tan, Zhenghang Xiao, Jianwei Zhuge, Rui Zhou.
   In Findings of ACL 2023.

Industry Presentations

• [Black Hat USA 2023 Briefing] The Hat Trick: Exploit Chrome Twice from Runtime to JIT
• [Zer0Con 2024] Attacking Chrome from Runtime to JIT Once Again
• [Black Hat USA 2024 Briefing] Super Hat Trick: Exploit Chrome and Firefox Four Times
• [Black Hat Asia 2025 Briefing] Bridging the Gap: Type Confusion and Boundary Vulnerabilities Between WebAssembly and JavaScript in V8

Honors & Titles

• Google Chrome VRP Annual Top Researcher (#3 in 2023, #7 in 2024)
• OpenHarmony Community “Outstanding Contribution in Vulnerability Research” (2024)