Junmin Zhu(朱君敏)

Junmin Zhu(朱君敏)

Web Security Researcher/ CTFer@0ops

I am a visiting scholar in the Computer Science department at Purdue University, advised by Prof. Xiangyu Zhang. My research focuses on Web Security, and I am keen on delving into Web3 Security in the future.

Before coming to Purdue, I received my master’s degree at School of Cyber Science and Engineering at Shanghai Jiao Tong University. I was a member of NSSL. Additionally, I participated in CTFs as a member of 0ops and Katzebin.

I am currently looking for a PhD position in 24 Fall.

Education

  • M.S. in Cyberspace Security, Shanghai JiaoTong University, Shanghai, 2023, advised by Kaiyue Qi and Libo Chen.
  • B.E. in Information Security, Northeastern University, Shenyang, 2020

Experience

  • Sep 2023 - Present, Research Scholar, Purdue University
    • Advisor: Prof. Xiangyu Zhang
  • May 2022 - Jul 2022, Summer Intern, Johns Hopkins University (Remote)
    • Advisor: Prof. Yinzhi Cao
    • JavaScript program analysis and browser plugin security issues verification.
  • Sep 2021 - May 2022: Security Researcher Intern, Qi An Xin Technology Research Institute
    • SIP Protocol security research.
  • Oct 2019 - Jan 2020: Security Service Engineer Intern, Chaitin Tech
    • Chatin Tech
    • Perform penetration testing on the client company and provide support for attack and defense drills.

Publications

  • Vulnerability-oriented Testing for RESTful APIs
    Wenlong Du, Jian Li, Yanhao Wang, Libo Chen, Ruijie Zhao, Junmin Zhu, Zhengguang Han, Yijun Wang, Zhi Xue
    USENIX Security 2024

  • CoCo: Efficient Browser Extension Vulnerability Detection via Coverage-guided, Concurrent Abstract Interpretation
    Jianjia Yu, Song Li, Junmin Zhu, and Yinzhi Cao
    CCS 2023 Distinguished Paper Award.

  • SAWD: Structural-Aware Webshell Detection System with Control Flow Graph
    Junmin Zhu*, Yizhao Yao*, Xianwen Deng*, Yaoguang Yong, Yanhao Wang, Libo Chen, Zhi Xue, Ruijie Zhao
    SEKE 2023.

  • From Exposed to Exploited: Drawing the Picture of Industrial Control Systems Security Status in the Internet Age
    Yixiong Wu, Jianwei Zhuge, Tingting Yin, Tianyi Li, Junmin Zhu, Guannan Guo, Yue Liu, Jianju Hu
    ICISSP 2021.

Selected CTF Awards

  • Aug 2022 - Qiangwang Cup 2022 Champion, 0ops.
  • May 2022 - DEFCON CTF 2022 Second Place, Katzebin.
  • Dec 2021 - ByteCTF First Place, 0ops.
  • Jun 2021 - XCTF Final Second Place, 0ops.
  • May 2021 - DEFCON CTF 2021 Champion, Katzebin.
  • Nov 2020 - X-NUCA CTF 2020 First Prize, 0ops.

CVE

CVE-2023-44072 CVE-2023-46896 CVE-2023-46897 CVE-2023-46898