Zhengyu Liu
I am currently a first-year Ph.D. student in Computer Science at Johns Hopkins University, advised by Prof. Yinzhi Cao. Before joining JHU, I received my bachelor's degree in Cybersecurity from Sichuan University. During my undergrad, I was very fortunate to be advised by Prof. Cheng Huang.
My research interest lies in Web Security, Software Security and AI for Security, especially leveraging program analysis approaches to automatically detect/exploit/patch vulnerabilities in real-world complex applications, software and system.
Besides, I am a CTF player specializing in pwn and web challenges. I lead the team Z0D1AC (JHU academic team) and is a member of thehackerscrew (international team, Top 10 in CTFTime.org).
I played with team 42-b3yond-6ug in the AIxCC competition, where we were awarded $2 million and advanced to the final competition (Top 7) in August 2025.
Email /
GitHub /
Blog /
CV /
Google Scholar / 
Linkedin
|
|
Follow My Flow: Unveiling Client-Side Prototype Pollution Gadgets from One Million Real-World Websites
Zifeng Kang, Muxi Lyu, Zhengyu Liu, Jianjia Yu, Runqi Fan, Song Li, and Yinzhi Cao
To appear at IEEE Symposium on Security and Privacy (S&P Oakland), 2025
|
Undefined-oriented Programming: Detecting and Chaining Prototype Pollution Gadgets in Node.js Template Engines for Malicious Consequences
Zhengyu Liu, Kecheng An, and Yinzhi Cao
IEEE Symposium on Security and Privacy (S&P Oakland), 2024
|
A Framework for Threat Intelligence Extraction and Fusion
Yongyan Guo, Zhengyu Liu, Cheng Huang, Nannan Wang
Computer & Security
|
Coreference Resolution for Cybersecurity Entity: Towards Explicit, Comprehensive Cybersecurity Knowledge Graph with Low Redundancy
Zhengyu Liu, Haochen Su, Nannan Wang, Cheng Huang
EAI International Conference on Security and Privacy in Communication Networks (SecureComm), 2022
|
CyberRel: Joint Entity and Relation Extraction for Cybersecurity Concepts
Yongyan Guo, Zhengyu Liu, Cheng Huang, Jiayong Liu, Wangyuan Jing, Ziwang Wang, Yanghao Wang
International Conference on Information and Communications Security (ICICS), 2022
Best Student Paper Award
|
A Sybil Detection Method in OSN based on DistilBERT and Double-SN-LSTM for text analysis
Xiaojie Xu, Jian Dong, Zhengyu Liu, Jin Yang, et al.
EAI International Conference on Security and Privacy in Communication Networks (SecureComm), 2021
|
Capture The Flags
Team member @ TheHackersCrew
Won 17 medals for the year of 2023, 8 Gold + 4 Silver + 3 Bronze
|
2023 Jan. - Now |
Co-lead @ The Group Z0D1AC
Achieved 2nd place RaymondJamesCTF 2024 ($5000 cash prize), 3rd place RaymondJamesCTF 2023 ($2500 cash prize), etc.
|
2022 Oct. - Now |
|
Selected Honors & Awards
Cybersecurity Elite Honor, School of Cyber Science and Engineering, Sichuan University |
2022 May |
The 404 Scholarship, School of Cyber Science and Engineering, Sichuan University |
2022 Dec. |
First Class Scholarship, School of Cyber Science and Engineering, Sichuan University |
2021 Sep. |
Outstanding Student Honor, Sichuan University |
2020 & 2021 |
The 9th Place, 2021 ByteDance Security AI Competition, ByteDance(TikTok) |
2021 Nov. |
The 2nd Place, School of Computing Summer Workshop, National University of Singapore |
2021 July |
Excellent Thesis, Innovation and Entrepreneurship Training Program for College Students |
2020 Sep. |
Third Prize, The 4th “Qiangwang Cup” National Cybersecurity Challenge |
2020 Sep. |
|
Professional Services
External Reviewer |
(Usenix '25) 34th USENIX Security Symposium
(Usenix '24) 33rd USENIX Security Symposium
(CSF 24') 37th IEEE Computer Security Foundations Symposium
(DIMVA '24) 21th Conference on Detection of Intrusions and Malware & Vulnerability Assessment
|
|
Experiences
Course Assistant, EN.601.340/440/640 Web Security (23 Fall), JHU |
2023 Sep. - 2023 Dec. |
Research Assistant, JHU, Advisor: Dr. Yinzhi Cao |
2023 June - 2023 Aug. |
Research Assistant, Sichuan University, Advisor: Dr. Cheng Huang |
2020 Aug. - 2022 June |
|
StarBugs
A selective list of zero-day vulnerabilities I have discovered in the past.
|
|