Zhenpeng Lin

Email: zplin@u.northwestern.edu

Twitter Google Scholar CV PGP Key

I am a Security Researcher at Apple. I obtained my Ph.D. degree from Northwestern University under the supervision of Dr. Xinyu Xing. My Research focuses on OS exploitation and defense. I love hacking in the real world. I have done many Linux kernel exploitation and contributed many security fixes to Linux kernel. I used to play CTF a lot with team Nu1L, now with StrawHat.


09/2023 CAMP is accepted to USENIX Security 2024!

08/2023 I passed my dissertation defense!

07/2023 One paper introducing a new kernel exploitation technique is accepted to CCS 2023.

06/2023 One briefing about rooting Android with io_uring is accepted to Black Hat USA 2023.

06/2023 One paper about evaluating kernel patch correctness is accepted to USENIX Security 2023.

06/2023 I will be joining Apple as a Security Researcher this summer.

10/2022 GREBE is accepted to CSAW 2022 Finalists.

08/2022 DirtyCred is accepted to CCS.

07/2022 I report (and exploit) a kernel 0day that could affect millions of Android devices to Google. [pixel 6 demo] [s22 demo]

06/2022 Our submission of a new exploitation approach is accepted to Black Hat USA.

05/2022 We (team TUTELARY at NU) pwned lastest Ubuntu system at Pwn2Own. [press]

11/2021 I am the very first to successfully exploit Google’s COS through KCTF VRP.


CAMP: Compiler and Allocator-based Heap Memory Protection
Zhenpeng Lin, Zheng Yu, Ziyi Guo, Simone Campanoni, Peter Dinda, and Xinyu Xing
USENIX Security 2024

RetSpill: Igniting User-Controlled Data to Burn Away Linux Kernel Protections
Kyle Zeng, Zhenpeng Lin, Kangjie Lu, Xinyu Xing, Fish Wang, Adam Doupé, Yan Shoshitaishvili, Tiffany Bao
CCS 2023

Bad io_uring: A New Era of Rooting for Android
Zhenpeng Lin, Xinyu Xing, Zhaofeng Chen, Kang Li
Black Hat USA 2023 [slides] [exploit] [pixel 6 demo] [s22 demo]

Mitigating Security Risks in Linux with KLAUS: A Method for Evaluating Patch Correctness
Yuhang Wu, Zhenpeng Lin, Yueqi Chen, Dang K Le, Dongliang Mu, Xinyu Xing
USENIX Security 2023

DirtyCred: Escalating Privilege in Linux Kernel
Zhenpeng Lin, Yuhang Wu, Xinyu Xing
ACM CCS 2022 [code] [slides] [qualify exam slides]

Cautious! A New Exploitation Method! No Pipe but as Nasty as Dirty Pipe
Zhenpeng Lin, Yuhang Wu, Xinyu Xing
Black Hat USA 2022 [slides]

GREBE: Unveiling Exploitation Potential for Linux Kernel Bugs
Zhenpeng Lin, Yueqi Chen, Yuhang Wu, Dongliang Mu, Chensheng Yu, Xinyu Xing, Kang Li
IEEE S&P 2022 (CSAW 22 Finalist) [code] [slides]

An In-depth Analysis of Duplicated Linux Kernel Bug Reports
Dongliang Mu, Yuhang Wu, Yueqi Chen, Zhenpeng Lin, Chensheng Yu, Xinyu Xing, Gang Wang
NDSS 2022

Your Trash Kernel Bug, My Precious 0-day
Zhenpeng Lin, Yueqi Chen, Xinyu Xing, Kang Li
Black Hat Europe 2021 [slides]

Finding Multiple Bug Effects for More Precise Exploitability Estimation
Zhenpeng Lin, Yueqi Chen
Linux Security Summit North America 2021 [slides]

A General Approach to Bypassing Many Kernel Protections and its Mitigation
Yueqi Chen, Zhenpeng Lin, Xinyu Xing
Black Hat Asia 2021 [slides]

A Systematic Study of Elastic Objects in Kernel Exploitation
Yueqi Chen, Zhenpeng Lin, Xinyu Xing
ACM CCS 2020 [code] [slides] [video]

Bypassing Many Kernel Protections Using Elastic Objects
Yueqi Chen, Zhenpeng Lin
Linux Security Summit Europe 2020 [slides]




How AUTOSLAB Changes the Memory Unsafety Game

Honors and Awards

2022, Google, $50337 reward
2022, Pwn2Own Winner
2021, LSS North America, Student Travel Grant Award
2021, 7th at DEF CON 29 CTF Finals, Team Nu1L
2021, Black Hat USA, Student Scholarship
2020, Black Hat USA, Student Scholarship

Community Services

External reviewer

  • IEEE S&P 2023
  • IEEE S&P 2022, USENIX Security 2022, ACM CCS 2022
  • USENIX Security 2021, ACM CCS 2021
  • USENIX Security 2020, ACM CCS 2020