Zhengyu Liu

I am currently a second-year Ph.D. student in Computer Science at Johns Hopkins University, advised by Prof. Yinzhi Cao. Before joining JHU, I received my bachelor's degree in Cybersecurity from Sichuan University. During my undergrad, I was very fortunate to be advised by Prof. Cheng Huang.

My research interest lies in Web Security and AI Software Security, especially leveraging program analysis approaches to detect/exploit/patch vulnerabilities in real-world complex applications and systems.

Besides, I am a CTF pwn&web player. I lead the team Z0D1AC (JHU academic team) and is a member of thehackerscrew (international team, Top 10 on CTFTime.org).

[New!!] My talk about DOM Clobbering just got accepted to the DEFCON 33 main stage! See you in Las Vegas this August!

Email /  GitHub  /  Blog  /  CV  /  Google Scholar  /  Linkedin

profile photo

Publications

The First Large-Scale Systematic Study of Python Class Pollution Vulnerability


Zhengyu Liu, Jiacheng Zhong, Jianjia Yu, Muxi Lyu, Zifeng Kang, and Yinzhi Cao
paper / poster / code / slides /
To appear in the proceedings of IEEE Symposium on Security and Privacy (S&P Oakland), 2026

The DOMino Effect: Detecting and Exploiting DOM Clobbering Gadgets via Concolic Execution with Symbolic DOM


Zhengyu Liu, Theo Lee, Jianjia Yu, Zifeng Kang, and Yinzhi Cao
paper / poster / code / slides /
USENIX Security Symposium, 2025
Artifact Badges: Artifacts Available, Artifacts Functional, Results Reproduced Honorable Mentions (Top 6% among accepted papers)

Follow My Flow: Unveiling Client-Side Prototype Pollution Gadgets from One Million Real-World Websites


Zifeng Kang, Muxi Lyu, Zhengyu Liu, Jianjia Yu, Runqi Fan, Song Li, and Yinzhi Cao
paper / poster / code / slides /
IEEE Symposium on Security and Privacy (S&P Oakland), 2025 Distinguished Paper Award

Undefined-oriented Programming: Detecting and Chaining Prototype Pollution Gadgets in Node.js Template Engines for Malicious Consequences


Zhengyu Liu, Kecheng An, and Yinzhi Cao
paper / poster / code / slides /
IEEE Symposium on Security and Privacy (S&P Oakland), 2024
Nominee of Top 10 Web Hacking Techniques of 2024 by PortSwigger

A Framework for Threat Intelligence Extraction and Fusion


Yongyan Guo, Zhengyu Liu, Cheng Huang, Nannan Wang
paper / poster / code / slides /
Computer & Security

Coreference Resolution for Cybersecurity Entity: Towards Explicit, Comprehensive Cybersecurity Knowledge Graph with Low Redundancy


Zhengyu Liu, Haochen Su, Nannan Wang, Cheng Huang
paper / poster / code / slides /
EAI International Conference on Security and Privacy in Communication Networks (SecureComm), 2022

CyberRel: Joint Entity and Relation Extraction for Cybersecurity Concepts


Yongyan Guo, Zhengyu Liu, Cheng Huang, Jiayong Liu, Wangyuan Jing, Ziwang Wang, Yanghao Wang
paper / poster / code / slides /
International Conference on Information and Communications Security (ICICS), 2022 Best Student Paper Award

A Sybil Detection Method in OSN based on DistilBERT and Double-SN-LSTM for text analysis


Xiaojie Xu, Jian Dong, Zhengyu Liu, Jin Yang, et al.
paper / poster / code / slides /
EAI International Conference on Security and Privacy in Communication Networks (SecureComm), 2021

Talks
From Static to Smart: LLM-enhanced Static Analysis on Web Application Vulnerability Detection
Ant Group SRC Annual Celebration, June 2025
slides / video /
The DOMino Effect: Automated Detection and Exploitation of DOM Clobbering Vulnerability at Scale
DEFCON 33, Las Vegas, Aug 2025
slides / video /

Capture The Flags

Team member @ TheHackersCrew
Won 17 medals for the year of 2024, 7 Gold + 5 Silver + 5 Bronze 		2023 Jan. - Now
Co-lead @ The Group Z0D1AC
Achieved 2nd place RaymondJamesCTF 2024 ($5000 cash prize),
3rd place RaymondJamesCTF 2023 ($2500 cash prize), etc. 		2022 Oct. - Now

Selected Honors & Awards

Notable Artifact Reviewer, USENIX Security 2025 2025 Aug
Cybersecurity Elite Honor, School of Cyber Science and Engineering, Sichuan University 2022 May
The 404 Scholarship, School of Cyber Science and Engineering, Sichuan University 2022 Dec.
First Class Scholarship, School of Cyber Science and Engineering, Sichuan University 2021 Sep.
Outstanding Student Honor, Sichuan University 2020 & 2021

Finalist (with Team 42-b3yond-6ug), DARPA AI Cyber Challenge (AIxCC) 2024 Aug.
The 9th Place, 2021 ByteDance Security AI Competition, ByteDance(TikTok) 2021 Nov.
The 2nd Place, School of Computing Summer Workshop, National University of Singapore 2021 July
Excellent Thesis, Innovation and Entrepreneurship Training Program for College Students 2020 Sep.
Third Prize (¥30,000), The 4th “Qiangwang Cup” National Cybersecurity Challenge 2020 Sep.

Professional Services

External Reviewer

  • Annual Computer Security Applications Conference (ACSAC '25)
  • Symposium on Research in Attacks, Intrusions, and Defenses (RAID '25)
  • Workshop on Measurements, Attacks, and Defenses for the Web (MADWeb '25)
  • IEEE Symposium on Security and Privacy (S&P '25, '26)
  • USENIX Security Symposium (Usenix '24, '25, '26)
  • IEEE Computer Security Foundations Symposium (CSF '24)
  • Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA '24)

Artifact Evaluation Committee

  • Network and Distributed System Security Symposium (NDSS '26)
  • The ACM Conference on Computer and Communications Security (CCS '25)
  • USENIX Security Symposium (Usenix '25)

Experiences

Security Research Intern, Siemens 2025 June. - 2025 Aug.
Course Assistant, EN.445/645 Practical Cryptographic Systems (25 Spring), JHU 2025 Feb. - 2025 May.
Course Assistant, EN.601.340/440/640 Web Security (23 Fall), JHU 2023 Sep. - 2023 Dec.
Research Assistant, JHU, Advisor: Dr. Yinzhi Cao 2023 June - 2023 Aug.
Research Assistant, Sichuan University, Advisor: Dr. Cheng Huang 2020 Aug. - 2022 June

StarBugs

I have discovered some vulnerabilities in popular OSS (over 40 CVEs in repos with >1K stars on GitHub), as well as in products maintained by companies including Google, Microsoft, Meta, and Ant Group (Alipay). A selective list of them is shown below.

CVE-2025-5120 HuggingFace Transformers & Smolagents Sandbox Escape
CVE-2025-24049 Microsoft Azure CLI RCE
CVE-2025-30358 Mesop DoS & Jailbreak
CVE-2025-30374 Taipy XSS & RCE
CVE-2025-54063 Cherry Studio RCE
CVE-2025-54374 Eidos RCE
CVE-2024-43805 Jupyter Notebook/JupyterLab Stored XSS
CVE-2024-38354 Hackmd.io Stored XSS
CVE-2024-49362 Joplin RCE
CVE-2024-12029 InvokeAI RCE (Deserialization)
CVE-2024-43788 Webpack DOM Clobbering

Design and source code from Jon Barron's website