Ziyi Guo(Roland Guo) [Gallery] Northwestern University, Evanston, IL, USA. |
[2024.08] Our Team 42-b3yond-6ug won DARPA's AIxCC SemiFinal at DEFCON 32, awarded $2 million. [link]
[2024.07] Awarded Student Grant from USENIX Security'24
[2024.06] Page Spray is accepted by USENIX Security 2024. [link]
[2024.02] Our Team 42-b3yond-6ug won $1 million from DARPA's Artificial Intelligence Cyber Challenge(AIxCC), top 7 in the world. I learn a lot from Professors and Mates! [link]
My research interests focus on exploring the potential of Large Language Models(LLMs) in Security(LLM4Sec), while also developing new vulnerability exploitation techniques and system defense.
Northwestern University, Ph.D., Computer Science.
September 2023 to Present, Evanston, USA
Sichuan University, B.E., Cyber Security.
September 2019 to July 2023, Chengdu, China
Take a Step Further: Understanding Page Spray in Linux Kernel Exploitation. [Link]
Ziyi Guo, Dang K Le, Zhenpeng Lin, Kyle Zeng, Ruoyu Wang, Tiffany Bao, Yan Shoshitaishvili, Adam Doupé, Xinyu Xing
USENIX Security 2024
CAMP: Compiler and Allocator-based Heap Memory Protection. [Link]
Zhenpeng Lin, Zheng Yu, Ziyi Guo, Simone Campanoni, Peter Dinda, Xinyu Xing
USENIX Security 2024
Cross Container Attacks: The Bewildered eBPF on Clouds. [Link]
Roland Guo* and Yi He* , Yunlong Xing, Xijia Che, Kun Sun, Zhuotao Liu, Ke Xu, Qi Li
USENIX Security 2023
* indicates equal contribution
Guiding LLMs fix realworld vulnerabilities.
- Under Review.
World Finalist, DARPA's AIxCC, Core member of 42-b3yond-bug, DARPA News: "DARPA AI Cyber Challenge Proves Promise of AI-Driven Cybersecurity"
World Finalist, DEFCON 29 CTF, Team r3kapig
World Finalist, DEFCON 30 CTF, Team r3kapig
Artifact Evaluation Program Committee(AEC): USENIX Security 2024, ISSTA 2024
External Reviewer: IEEE S&P 2024, IEEE S&P 2025
Safeguarding Critical Software Infrastructure through Novel AI Systems
News reports cover 42-b3yond-6ug: UWaterloo , DARPA , InfoSecurity Magazine , MeriTalk , Cyberscoop , Dark Reading , ExecutiveGov , The Readable , Science of Security , The Register
I wrote some tech blogs for people who want to learn vulnerability exploitation in Kanxue
I discovered and reported many realworld vulnerabilities, such as: [CVE-2024-25431, CVE-2024-27527, CVE-2024-27528, CVE-2024-27529, CVE-2024-27530, CVE-2023-48105, CVE-2024-27532 and etc] for Web3 Projects. Also some credits, like: [expression injection vulnerability]