Junmin Zhu(朱君敏)

Junmin Zhu(朱君敏)

Security Researcher / CTFer@Shellphish

I am a first year PhD student at SecLab@UCSB, advised by Prof. Giovanni Vigna and Prof. Christopher Kruegel. My previous research focuses on Web Security, while I am currently working on how to use LLMs to improve the performance of static analysis and fuzzing. Additionally, I participate in CTFs as a member of Shellphish and 0ops. I am also a part of the AIxCC team at Shellphish, where I built components that utilize LLMs to discover vulnerabilities.

Education

  • Ph.D. in Computer Science, University of California, Santa Barbara, USA, 2024 -
  • M.S. in Cyberspace Security, Shanghai JiaoTong University, Shanghai, CN, 2020 - 2023
  • B.E. in Information Security, Northeastern University, Shenyang, CN, 2016 - 2020

Experience

  • Sep 2023 - Present, Research Scholar, Purdue University, Adivsed by Prof. Xiangyu Zhang
  • May 2022 - Jul 2022, Remote Summer Intern, Johns Hopkins University, Adivsed by Prof. Yinzhi Cao
  • Sep 2021 - May 2022: Security Researcher Intern, Qi An Xin Technology Research Institute
  • Oct 2019 - Jan 2020: Security Service Engineer Intern, Chaitin Tech

Publications

  • Vulnerability-oriented Testing for RESTful APIs
    Wenlong Du, Jian Li, Yanhao Wang, Libo Chen, Ruijie Zhao, Junmin Zhu, Zhengguang Han, Yijun Wang, Zhi Xue
    USENIX Security 2024

  • CoCo: Efficient Browser Extension Vulnerability Detection via Coverage-guided, Concurrent Abstract Interpretation
    Jianjia Yu, Song Li, Junmin Zhu, and Yinzhi Cao
    CCS 2023 Distinguished Paper Award.

  • From Exposed to Exploited: Drawing the Picture of Industrial Control Systems Security Status in the Internet Age
    Yixiong Wu, Jianwei Zhuge, Tingting Yin, Tianyi Li, Junmin Zhu, Guannan Guo, Yue Liu, Jianju Hu
    ICISSP 2021.

Selected Awards

  • Aug 2025 - 5th Place in AIxCC Finals, Shellphish
  • Aug 2022 - Qiangwang Cup 2022 Champion, 0ops.
  • May 2022 - DEFCON CTF 2022 Second Place, Katzebin.
  • Dec 2021 - ByteCTF First Place, 0ops.
  • Jun 2021 - XCTF Final Second Place, 0ops.
  • May 2021 - DEFCON CTF 2021 Champion, Katzebin.
  • Nov 2020 - X-NUCA CTF 2020 First Prize, 0ops.

CVE

CVE-2023-44072 CVE-2023-46896 CVE-2023-46897 CVE-2023-46898