Zhenpeng Lin
Email: zplin@u.northwestern.edu
Twitter Google Scholar CV PGP Key
I am a Security Researcher at Apple. I obtained my Ph.D. degree from Northwestern University under the supervision of Dr. Xinyu Xing. My Research focuses on OS exploitation and defense. I love hacking in the real world. I have done many Linux kernel exploitation and contributed many security fixes to Linux kernel. I used to play CTF a lot with team Nu1L, now with StrawHat.
06/2024 One paper studying “page spray” technique in Linux kernel is accepted to USENIX Security 2024!
02/2024 SeaK is accepted to USENIX Security 2024!
09/2023 CAMP is accepted to USENIX Security 2024!
08/2023 I passed my dissertation defense!
07/2023 One paper introducing a new kernel exploitation technique is accepted to CCS 2023.
06/2023 One briefing about rooting Android with io_uring is accepted to Black Hat USA 2023.
06/2023 One paper about evaluating kernel patch correctness is accepted to USENIX Security 2023.
06/2023 I will be joining Apple as a Security Researcher this summer.
10/2022 GREBE is accepted to CSAW 2022 Finalists.
08/2022 DirtyCred is accepted to CCS.
07/2022 I report (and exploit) a kernel 0day that could affect millions of Android devices to Google. [pixel 6 demo] [s22 demo]
06/2022 Our submission of a new exploitation approach is accepted to Black Hat USA.
05/2022 We (team TUTELARY at NU) pwned lastest Ubuntu system at Pwn2Own. [press]
11/2021 I am the very first to successfully exploit Google’s COS through KCTF VRP.
Take a Step Further: Understanding Page Spray in Linux Kernel Exploitation
Ziyi Guo, Dang K Le, Zhenpeng Lin, Kyle Zeng, Ruoyu Wang, Tiffany Bao, Yan Shoshitaishvili, Adam Doupé, Xinyu Xing
USENIX Security 2024
SeaK: Rethinking the Design of a Secure Allocator for OS Kernel
Zicheng Wang, Yicheng Guang, Yueqi Chen, Zhenpeng Lin, Michael Le, Dang K Le, Dan Williams, Xinyu Xing, Zhongshu Gu, Hani Jamjoom
USENIX Security 2024
CAMP: Compiler and Allocator-based Heap Memory Protection
Zhenpeng Lin, Zheng Yu, Ziyi Guo, Simone Campanoni, Peter Dinda, and Xinyu Xing
USENIX Security 2024
RetSpill: Igniting User-Controlled Data to Burn Away Linux Kernel Protections
Kyle Zeng, Zhenpeng Lin, Kangjie Lu, Xinyu Xing, Fish Wang, Adam Doupé, Yan Shoshitaishvili, Tiffany Bao
CCS 2023
Bad io_uring: A New Era of Rooting for Android
Zhenpeng Lin, Xinyu Xing, Zhaofeng Chen, Kang Li
Black Hat USA 2023 [slides] [exploit] [pixel 6 demo] [s22 demo]
Mitigating Security Risks in Linux with KLAUS: A Method for Evaluating Patch Correctness
Yuhang Wu, Zhenpeng Lin, Yueqi Chen, Dang K Le, Dongliang Mu, Xinyu Xing
USENIX Security 2023
DirtyCred: Escalating Privilege in Linux Kernel
Zhenpeng Lin, Yuhang Wu, Xinyu Xing
ACM CCS 2022 [code] [slides] [qualify exam slides]
Cautious! A New Exploitation Method! No Pipe but as Nasty as Dirty Pipe
Zhenpeng Lin, Yuhang Wu, Xinyu Xing
Black Hat USA 2022 [slides]
GREBE: Unveiling Exploitation Potential for Linux Kernel Bugs
Zhenpeng Lin, Yueqi Chen, Yuhang Wu, Dongliang Mu, Chensheng Yu, Xinyu Xing, Kang Li
IEEE S&P 2022 (CSAW 22 Finalist) [code] [slides]
An In-depth Analysis of Duplicated Linux Kernel Bug Reports
Dongliang Mu, Yuhang Wu, Yueqi Chen, Zhenpeng Lin, Chensheng Yu, Xinyu Xing, Gang Wang
NDSS 2022
Your Trash Kernel Bug, My Precious 0-day
Zhenpeng Lin, Yueqi Chen, Xinyu Xing, Kang Li
Black Hat Europe 2021 [slides]
Finding Multiple Bug Effects for More Precise Exploitability Estimation
Zhenpeng Lin, Yueqi Chen
Linux Security Summit North America 2021 [slides]
A General Approach to Bypassing Many Kernel Protections and its Mitigation
Yueqi Chen, Zhenpeng Lin, Xinyu Xing
Black Hat Asia 2021 [slides]
A Systematic Study of Elastic Objects in Kernel Exploitation
Yueqi Chen, Zhenpeng Lin, Xinyu Xing
ACM CCS 2020 [code] [slides] [video]
Bypassing Many Kernel Protections Using Elastic Objects
Yueqi Chen, Zhenpeng Lin
Linux Security Summit Europe 2020 [slides]
CVE-2021-3715
CVE-2017-8187
CVE-2017-8188
CVE-2017-8190
CVE-2017-8191
CVE-2017-17223
CVE-2017-17221
CVE-2017-17222
How AUTOSLAB Changes the Memory Unsafety Game
2022, Google, $50337 reward
2022, Pwn2Own Winner
2021, LSS North America, Student Travel Grant Award
2021, 7th at DEF CON 29 CTF Finals, Team Nu1L
2021, Black Hat USA, Student Scholarship
2020, Black Hat USA, Student Scholarship
External reviewer
Follow me on and , SUBSCRIBE.