Junmin Zhu(朱君敏)

Junmin Zhu(朱君敏)

Security Researcher/ CTFer@Shellphish

I am a first year PhD student at SecLab@UCSB, advised by Prof. Giovanni Vigna and Prof. Christopher Kruegel. My previous research focuses on Web Security, and I am keen on delving into Web3 Security in the future. Additionally, I participated in CTFs as a member of Shellphish and 0ops.

Education

  • Ph.D. in Computer Science, University of California, Santa Barbara, USA, 2024 -
  • M.S. in Cyberspace Security, Shanghai JiaoTong University, Shanghai, CN, 2020 - 2023
  • B.E. in Information Security, Northeastern University, Shenyang, CN, 2016 - 2020

Experience

  • Sep 2023 - Present, Research Scholar, Purdue University
    • Advisor: Prof. Xiangyu Zhang
  • May 2022 - Jul 2022, Summer Intern, Johns Hopkins University (Remote)
    • Advisor: Prof. Yinzhi Cao
    • JavaScript program analysis and browser plugin security issues verification.
  • Sep 2021 - May 2022: Security Researcher Intern, Qi An Xin Technology Research Institute
    • SIP Protocol security research.
  • Oct 2019 - Jan 2020: Security Service Engineer Intern, Chaitin Tech
    • Chatin Tech
    • Perform penetration testing on the client company and provide support for attack and defense drills.

Publications

  • Vulnerability-oriented Testing for RESTful APIs
    Wenlong Du, Jian Li, Yanhao Wang, Libo Chen, Ruijie Zhao, Junmin Zhu, Zhengguang Han, Yijun Wang, Zhi Xue
    USENIX Security 2024

  • CoCo: Efficient Browser Extension Vulnerability Detection via Coverage-guided, Concurrent Abstract Interpretation
    Jianjia Yu, Song Li, Junmin Zhu, and Yinzhi Cao
    CCS 2023 Distinguished Paper Award.

  • SAWD: Structural-Aware Webshell Detection System with Control Flow Graph
    Junmin Zhu*, Yizhao Yao*, Xianwen Deng*, Yaoguang Yong, Yanhao Wang, Libo Chen, Zhi Xue, Ruijie Zhao
    SEKE 2023.

  • From Exposed to Exploited: Drawing the Picture of Industrial Control Systems Security Status in the Internet Age
    Yixiong Wu, Jianwei Zhuge, Tingting Yin, Tianyi Li, Junmin Zhu, Guannan Guo, Yue Liu, Jianju Hu
    ICISSP 2021.

Selected CTF Awards

  • Aug 2022 - Qiangwang Cup 2022 Champion, 0ops.
  • May 2022 - DEFCON CTF 2022 Second Place, Katzebin.
  • Dec 2021 - ByteCTF First Place, 0ops.
  • Jun 2021 - XCTF Final Second Place, 0ops.
  • May 2021 - DEFCON CTF 2021 Champion, Katzebin.
  • Nov 2020 - X-NUCA CTF 2020 First Prize, 0ops.

CVE

CVE-2023-44072 CVE-2023-46896 CVE-2023-46897 CVE-2023-46898