Ziyi Guo(Roland Guo) [Gallery] Department of Computer Science, Northwestern University, Evanston, IL, USA.

News

• [2024.08] Our Team 42-b3yond-6ug won DARPA's AIxCC SemiFinal at DEFCON 32, awarded $2 million. [link]

About

• I'm a second year CS Ph.D. student at Northwestern. I'm advised by Prof.Yan Chen, and I also work closely with Prof.Xinyu Xing.

• Before joining in Northwestern, I had a great research experience at NISL in Tsinghua University, advised by Prof.Qi Li.

• I'm broadly interested in those realworld security problems, hidden in various software and systems. I'm also a CTFer @r3kapig, focus on vulnerability exploitation (Pwn).

• I also design and develop AI / LLM agent to improve the security and reliability for real-world software and systems.

Education

• Northwestern University

  Ph.D. Student in CS, 2023 ~ Present.

• Sichuan University

  Bachelor, 2019 ~ 2023

Work Experience

• Tsinghua University, 2022.03 ~ 2023.05

  Research Intern, advised by Prof. Qi Li

• Tencent Security Xuanwu Lab, 2021.10 ~ 2022.02

  Security Researcher (Intern). Leader: Huiming Liu

Publication

* indicates co-first author

1. PatchAgent: A Practical Program Repair Agent Mimicking Human Expertise
   ▪ Zheng Yu, Ziyi Guo, Yuhang Wu, Jiahao Yu, Meng Xu, Dongliang Mu, Yan Chen, Xinyu Xing
   ▪ USENIX Security '25
   


2. Take a Step Further: Understanding Page Spray in Linux Kernel Exploitation
   ▪ Ziyi Guo, Dang K Le, Zhenpeng Lin, Kyle Zeng, Ruoyu Wang, Tiffany Bao, Yan Shoshitaishvili, Adam Doupé, Xinyu Xing
   ▪ USENIX Security '24
   ▪ Page Spray technique has been applied in real-world 0-Day Vulnerability Exploitation. [disclosure]


3. CAMP: Compiler and Allocator-based Heap Memory Protection
   ▪ Zhenpeng Lin, Zheng Yu, Ziyi Guo, Simone Campanoni, Peter Dinda, Xinyu Xing
   ▪ USENIX Security '24


4. Cross Container Attacks: The Bewildered eBPF on Clouds
   ▪ Yi He* and Roland Guo*, Yunlong Xing, Xijia Che, Kun Sun, Zhuotao Liu, Ke Xu, Qi Li
   ▪ USENIX Security '23
   ▪ Cross Container Attack has been acknowledged and integrated into eBPF Security Threat Model by Linux Foundation. [link]

Honors & Awards

• Finalist (top 7 worldwide), DARPA AIxCC
  - Team 42-b3yond-6ug [Press]

• Finalist, DEFCON 30 CTF in 2022.
  - Team r3kapig

• Finalist, DEFCON 29 CTF in 2021.
  - Team r3kapig

• 1st Prize, WMCTF 2020.
  - Team 0x401

• UNIQLO Scholarship Awardee in 2021. (0.05% in Sichuan University)

Academic Services

• Artifact Evaluation Program Committee(AEC): USENIX Security 2024, ISSTA 2024, USENIX Security 2025

• External Reviewer: IEEE S&P 2024, IEEE S&P 2025

Media Coverage

Some of my works are reported by media.

• Department Of The Navy: DARPA AI Cyber Challenge Proves Promise of AI-Driven Cybersecurity

• Northwestern University News: Safeguarding Critical Software Infrastructure through Novel AI Systems

• Northwestern University News: Advancing Compiler Technology

• Container Breakout Vulnerabilities

• The Evolution and Impact of eBPF

• DEFCON Group 201

• News reports cover 42-b3yond-6ug: UWaterloo , DARPA , InfoSecurity Magazine , MeriTalk , Cyberscoop , Dark Reading , ExecutiveGov , The Readable , Science of Security , The Register

MISC

• I discovered and reported many realworld vulnerabilities, such as:
  [WebAssembly] CVE-2024-25431: Understanding and Mitigating the Wasm-Micro-Runtime Vulnerability
  [WebAssembly] CVE-2024-27527: GitHub Advisory
  [WebAssembly] CVE-2024-27528: Snyk Security Report
  [WebAssembly] CVE-2024-27529: Snyk Security Report
  [WebAssembly] CVE-2024-27530: Synk Security Report
  [WebAssembly] CVE-2024-27532: Addressing NULL Pointer Dereference Vulnerability in Wasm-Micro-Runtime
  [CI/CD] GHSA-7q92-pph9-5686: GitHub Actions expression injection vulnerability