Portfolio

Skill Tags

Public Representative Work

Owing to the commercially sensitive nature of certain projects undertaken for my employer, a comprehensive list of my work cannot be provided. The following is a list of my published contributions.

1. Vulnerability and Attack/Defense Research

1. Protocol Security

• Listed in the GSMA Mobile Security Research Hall of Fame for discovering mobile network security issues.
• TCP/UDP Hijacking Issues in Mobile Networks: EuroS&P 2025, The Danger of Packet Length Leakage: Off-path TCP/IP Hijacking Attacks Against Wireless and Mobile Networks

2. Artificial Intelligence Security

I focus on new security issues emerging in the AI era and explore them from an attacker's perspective:

• A Method to Precisely Control LLM Output for Arbitrary Content: Black Hat USA 2025, Universal and Context-Independent Triggers for Precise Control of LLM Outputs
• Traditional Security Risks Introduced by AI's Web Browsing Capabilities: Black Hat EU 2025, AI's 'Web Browsing' Into A Gateway For Targeting 1B+ Users
• Human-Invisible Prompt Injection Using ICC Profiles: CCS 2025 Poster/Demo, Black-box Attacks on Multimodal Large Language Models through Adversarial ICC Profiles

3. Software & Supply Chain Security

• How Chromium N-day Vulnerabilities Can Produce 0-day Attack Effects in Environments Like Electron: DEFCON 31, ndays are also 0days: Can hackers launch 0day RCE attack on popular software only with chromium ndays?
• Assessment Framework for xz-type High-Stealth Backdoor Risks: AAAI 2026, An LLM-based Quantitative Framework for Evaluating High-Stealthy Backdoor Risks in OSS Supply Chains

2. Solution Development

1. LLM Applications in Security

• LLM-based Security Intelligence System: AI-driven automatic search, subscription, and analysis of security technical intelligence. Typical applications include tracking the latest advances in security technology for security research, and tracking the latest black/gray market attack methods in business security scenarios. This system powers Xuanwu Sectoday and Tencent's Post-Quantum Cryptography Portal.
• LLM-based Intelligent Semantic Search Library to Improve Vulnerability Discovery and Code Audit Efficiency: Black Hat Asia 2026 Arsenal, CodeRetrX: One-Click to Start Your Journey of Agentic Bug Hunting Github, Paper
• EDR Alert Analysis Robot Based on Security LLM, Achieving Automated Analysis and Classification of Massive Alerts: An EDR Alert Analysis Robot Based on Security LLM

2. Post-Quantum Cryptography Migration

• Analyzing Quantum Computing Threats and Researching Response Solutions, Including Cryptographic Asset Identification and Supply Chain Governance: Black Hat MEA 2025, RSA/EC Under Quantum Countdown: Quantum Timeline, Insights on Migration Challenges and Our Open-Source Solutions

3. Using Hardware Features for Code Analysis Tasks

• Using Intel Processor Trace to Bypass Anti-debugging: S&P 2018 Poster/Demo: PT-DBG: Bypass Anti-debugging with Intel Processor Tracing
• Efficient Multi-core Execution Flow Recording and Replay Based on Intel Processor Trace: CCS 2020 Poster/Demo: RIPT — An Efficient Multi-Core Record-Replay System
• Encapsulating Intel CPU Hardware Tracing Technology to Provide Efficient and User-friendly Program Execution Flow Tracing and Analysis Tools for Reverse Engineers: Black Hat USA 2024 Arsenal: LIBIHT — A Cross-Platform Library for Accessing Intel Hardware Trace Features && SURE 2025: LibIHT — A Hardware-Based Approach to Efficient and Evasion-Resistant Dynamic Binary Analysis