Zhengyu Liu
I am currently a second-year Ph.D. student in Computer Science at Johns Hopkins University, advised by Prof. Yinzhi Cao. Before joining JHU, I received my bachelor's degree in Cybersecurity from Sichuan University. During my undergrad, I was very fortunate to be advised by Prof. Cheng Huang.
My research interest lies in Web Security, Software Security and AI for Security, especially leveraging program analysis approaches to detect/exploit/patch vulnerabilities in real-world complex applications and systems.
Besides, I am a CTF pwn&web player. I lead the team Z0D1AC (JHU academic team) and is a member of thehackerscrew (international team, Top 10 on CTFTime.org).
I played with team 42-b3yond-6ug in the AIxCC competition, where we were awarded $2 million and advanced to the final competition (Top 7) in August 2025.
Email /
GitHub /
Blog /
CV /
Google Scholar / 
Linkedin
|
|
Follow My Flow: Unveiling Client-Side Prototype Pollution Gadgets from One Million Real-World Websites
Zifeng Kang, Muxi Lyu, Zhengyu Liu, Jianjia Yu, Runqi Fan, Song Li, and Yinzhi Cao
paper /
poster /
code /
slides /
To appear at IEEE Symposium on Security and Privacy (S&P Oakland), 2025
|
Undefined-oriented Programming: Detecting and Chaining Prototype Pollution Gadgets in Node.js Template Engines for Malicious Consequences
Zhengyu Liu, Kecheng An, and Yinzhi Cao
paper /
poster /
code /
slides /
IEEE Symposium on Security and Privacy (S&P Oakland), 2024
■
Nominee of Top 10 Web Hacking Techniques of 2024 by PortSwigger
|
A Framework for Threat Intelligence Extraction and Fusion
Yongyan Guo, Zhengyu Liu, Cheng Huang, Nannan Wang
paper /
poster /
code /
slides /
Computer & Security
|
Coreference Resolution for Cybersecurity Entity: Towards Explicit, Comprehensive Cybersecurity Knowledge Graph with Low Redundancy
Zhengyu Liu, Haochen Su, Nannan Wang, Cheng Huang
paper /
poster /
code /
slides /
EAI International Conference on Security and Privacy in Communication Networks (SecureComm), 2022
|
CyberRel: Joint Entity and Relation Extraction for Cybersecurity Concepts
Yongyan Guo, Zhengyu Liu, Cheng Huang, Jiayong Liu, Wangyuan Jing, Ziwang Wang, Yanghao Wang
paper /
poster /
code /
slides /
International Conference on Information and Communications Security (ICICS), 2022
■
Best Student Paper Award
|
A Sybil Detection Method in OSN based on DistilBERT and Double-SN-LSTM for text analysis
Xiaojie Xu, Jian Dong, Zhengyu Liu, Jin Yang, et al.
paper /
poster /
code /
slides /
EAI International Conference on Security and Privacy in Communication Networks (SecureComm), 2021
|
Capture The Flags
Team member @ TheHackersCrew
Won 17 medals for the year of 2024, 7 Gold + 5 Silver + 5 Bronze
|
2023 Jan. - Now |
Co-lead @ The Group Z0D1AC
Achieved 2nd place RaymondJamesCTF 2024 ($5000 cash prize), 3rd place RaymondJamesCTF 2023 ($2500 cash prize), etc.
|
2022 Oct. - Now |
|
Selected Honors & Awards
Cybersecurity Elite Honor, School of Cyber Science and Engineering, Sichuan University |
2022 May |
The 404 Scholarship, School of Cyber Science and Engineering, Sichuan University |
2022 Dec. |
First Class Scholarship, School of Cyber Science and Engineering, Sichuan University |
2021 Sep. |
Outstanding Student Honor, Sichuan University |
2020 & 2021 |
Finalist (with Team 42-b3yond-6ug), DARPA AI Cyber Challenge (AIxCC) |
2024 Aug. |
The 9th Place, 2021 ByteDance Security AI Competition, ByteDance(TikTok) |
2021 Nov. |
The 2nd Place, School of Computing Summer Workshop, National University of Singapore |
2021 July |
Excellent Thesis, Innovation and Entrepreneurship Training Program for College Students |
2020 Sep. |
Third Prize (¥30,000), The 4th “Qiangwang Cup” National Cybersecurity Challenge |
2020 Sep. |
|
Professional Services
External Reviewer |
IEEE Symposium on Security and Privacy (S&P '25)
USENIX Security Symposium (Usenix '24, '25)
IEEE Computer Security Foundations Symposium (CSF 24')
Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA '24)
|
Artifact Evaluation Committee |
USENIX Security Symposium (Usenix '25)
|
|
Experiences
Course Assistant, EN.601.340/440/640 Web Security (23 Fall), JHU |
2023 Sep. - 2023 Dec. |
Research Assistant, JHU, Advisor: Dr. Yinzhi Cao |
2023 June - 2023 Aug. |
Research Assistant, Sichuan University, Advisor: Dr. Cheng Huang |
2020 Aug. - 2022 June |
|
StarBugs
I have discovered many vulnerabilities in popular OSS (20+ CVEs in repos with >1K stars on GitHub), as well as in products maintained by companies including Google and Meta.
A selective list of them is shown below.
|
|