Ziyi Guo(Roland Guo) [Gallery] Department of Computer Science, Northwestern University, Evanston, IL, USA. |
[2024.08] Our Team 42-b3yond-6ug won DARPA's AIxCC SemiFinal at DEFCON 32, awarded $2 million. [link]
I'm a second year CS Ph.D. student at Northwestern. I'm advised by Prof.Yan Chen, and I also work closely with Prof.Xinyu Xing.
Before joining in Northwestern, I had a great research experience at NISL in Tsinghua University, advised by Prof.Qi Li.
I'm broadly interested in those realworld security problems, hidden in various software and systems. I'm also a CTFer @r3kapig, focus on vulnerability exploitation (Pwn).
I also design and develop AI / LLM agent to improve the security and reliability for real-world software and systems.
Northwestern University
Ph.D. Student in CS, 2023 ~ Present.
Sichuan University
Bachelor, 2019 ~ 2023
Tsinghua University, 2022.03 ~ 2023.05
Research Intern, advised by Prof. Qi Li
Tencent Security Xuanwu Lab, 2021.10 ~ 2022.02
Security Researcher (Intern). Leader: Huiming Liu
* indicates co-first author
Finalist (top 7 worldwide), DARPA AIxCC
- Team 42-b3yond-6ug [Press]
Finalist, DEFCON 30 CTF in 2022.
- Team r3kapig
Finalist, DEFCON 29 CTF in 2021.
- Team r3kapig
1st Prize, WMCTF 2020.
- Team 0x401
UNIQLO Scholarship Awardee in 2021. (0.05% in Sichuan University)
Artifact Evaluation Program Committee(AEC): USENIX Security 2024, ISSTA 2024, USENIX Security 2025
External Reviewer: IEEE S&P 2024, IEEE S&P 2025
Department Of The Navy: DARPA AI Cyber Challenge Proves Promise of AI-Driven Cybersecurity
Northwestern University News: Safeguarding Critical Software Infrastructure through Novel AI Systems
Northwestern University News: Advancing Compiler Technology
News reports cover 42-b3yond-6ug: UWaterloo , DARPA , InfoSecurity Magazine , MeriTalk , Cyberscoop , Dark Reading , ExecutiveGov , The Readable , Science of Security , The Register
I discovered and reported many realworld vulnerabilities, such as:
[WebAssembly] CVE-2024-25431: Understanding and Mitigating the Wasm-Micro-Runtime Vulnerability
[WebAssembly] CVE-2024-27527: GitHub Advisory
[WebAssembly] CVE-2024-27528: Snyk Security Report
[WebAssembly] CVE-2024-27529: Snyk Security Report
[WebAssembly] CVE-2024-27530: Synk Security Report
[WebAssembly] CVE-2024-27532: Addressing NULL Pointer Dereference Vulnerability in Wasm-Micro-Runtime
[CI/CD] GHSA-7q92-pph9-5686: GitHub Actions expression injection vulnerability