News! 05/2025 Pwned Ubuntu 24.04 at TyphoonPWN 2025.
News! 02/2025 Our paper, System Register Hijacking, got accepted in USENIX Security 2025.
News! 05/2024 Our paper, DirtyPage, got accepted in USENIX Security 2024.
News! 03/2024 Pwned Ubuntu Desktop 23.10 at Pwn2Own Vancouver 2024 (video).

About Me

I’m Yihui (Kyle) Zeng – a PhD student of School of Computing and Augmented Intelligence at Arizona State University (ASU). My primary advisor is Dr. Tiffany Bao, but I also actively work with Dr. Yan Shoshitaishvili, Dr. Ruoyu (Fish) Wang, and Dr. Adam Doupé. I currently work at SEFCOM with a group of amazing cybersecurity researchers. My research focuses on system security, especially on automated program analysis and vulnerability discovery. I was an intern at University of California, Santa Barbara (UCSB) under the supervision of Dr. Giovanni Vigna and Dr. Christopher Kruegel in 2018.

I am a core member of the Shellphish CTF team, under the handle “kylebot”. I’m crazy about CTF. I do PWN, Reversing, and sometimes a little bit of Web and Crypto. I have participated DEF CON CTF and entered the finals every year since I joined the team in 2018. Every year, I organize iCTF, one of the largest attack-defense hacking competition in the world.

I am active in the open-source community: I am a core developer of the binary analysis platform angr, leading the development of the automatic exploitation generation framework rex, maintaining the popular educational heap exploitation project how2heap, and more.

Recently, under Google’s kCTF VRP program, I successfully performed Container Escape five times with four different novel exploitation techniques in Google Kubernetes Engine (GKE) (and won a lot of cash). In Aug 2022, I was fortunate enough to get the first maximum bounty in kCTF’s entire history (before it raised the bounty). I am a winner of Pwn2Own and TyphoonPWN.

Publications

System Register Hijacking: Compromising Kernel Integrity By Turning System Registers Against the System
Jennifer Miller, Manas Ghandat, Kyle Zeng, Hongkai Chen, Abdelouahab (Habs) Benchikh, Tiffany Bao, Ruoyu Wang, Adam Doupé, Yan Shoshitaishvili
Proceedings of the USENIX Security Symposium,
Seattle, USA, August 2025
[artifact]

Take a Step Further: Understanding Page Spray in Linux Kernel Exploitation
Ziyi Guo, Dang K Le, Zhenpeng Lin, Kyle Zeng, Ruoyu Wang, Tiffany Bao, Yan Shoshitaishvili, Adam Doupé, Xinyu Xing
Proceedings of the USENIX Security Symposium,
Philadelphia, USA, August 2024.
[code][slides]

RetSpill: Igniting User-Controlled Data to Burn Away Linux Kernel Protections
Kyle Zeng, Zhenpeng Lin, Kangjie Lu, Xinyu Xing, Ruoyu Wang, Adam Doupé, Yan Shoshitaishvili, Tiffany Bao
Proceedings of the ACM Conference on Computer and Communications Security (CCS),
Copenhagen, Denmark, November 2023.
[code][slides]

Greenhouse: Single-Service Rehosting of Linux-Based Firmware Binaries in User-Space Emulation
Hui Jun Tay, Kyle Zeng, Jayakrishna Menon Vadayath, Arvind S Raj, Audrey Dutcher, Tejesh Reddy, Wil Gibbs, Zion Leonahenahe Basque, Fangzhou Dong, Zack Smith, Adam Doupé, Tiffany Bao, Yan Shoshitaishvili, Ruoyu Wang
Proceedings of the USENIX Security Symposium,
Anaheim, USA, August 2023.
[code][slides][video]

Playing for K(H)eaps: Understanding and Improving Linux Kernel Exploit Reliability
Kyle Zeng*, Yueqi Chen*, Haehyun Cho, Xinyu Xing, Adam Doupé, Yan Shoshitaishvili, Tiffany Bao
Proceedings of the USENIX Security Symposium,
Boston, USA August 2022.* indicates equal contribution
[code][slides][video]

Arbiter: Bridging the Static and Dynamic Divide in Vulnerability Discovery on Binary Programs

Jayakrishna Vadayath, Moritz Eckert, Kyle Zeng, Nicolaas Weideman, Gokulkrishna Praveen Menon, Yanick Fratantonio, Davide Balzarotti, Adam Doupé, Tiffany Bao, Ruoyu Wang, Christophe Hauser, Yan Shoshitaishvili
Proceedings of the USENIX Security Symposium,
Boston, USA, August 2022.
[code][slides][video]

SyML: Guiding Symbolic Execution Toward Vulnerable States Through Pattern Learning

Nicola Ruaro, Lukas Dresel, Kyle Zeng, Tiffany Bao, Mario Polino, Andrea Continella, Stefano Zanero, Christopher Kruegel, Giovanni Vigna
Proceedings of the International Symposium on Research in Attacks, Intrusions and Defenses (RAID),
San Sebastian, Spain, October 2021.
[code][slides][video]

An Empirical Study on Mobile Payment Credential Leaks and Their Exploits

Shangcheng Shi, Xianbo Wang, Kyle Zeng, Ronghai Yang, Wing Cheong Lau
Proceedings of the 17th EAI International Conference on Security and Privacy in Communication Networks (SecureComm’21),
Virtual, September 2021.
[slides][video]

Favocado: Fuzzing the Binding Code of JavaScript Engines Using Semantically Correct Test Cases

Sung Ta Dinh, Haehyun Cho, Kyle Martin, Adam Oest, Kyle Zeng, Alexandros Kapravelos, Gail-Joon Ahn, Tiffany Bao, Ruoyu Wang, Adam Doupé, Yan Shoshitaishvili
Proceedings of the Network and Distributed System Security Symposium (NDSS),
Virtual, February 2021.
[code][slides][video]

Not All Coverage Measurements Are Equal: Fuzzing by Coverage Accounting for Input Prioritization

Yanhao Wang, Xiangkun Jia, Yuwei Liu, Kyle Zeng, Tiffany Bao, Dinghao Wu, Purui Su
Proceedings of the Network and Distributed System Security Symposium (NDSS),
San Diego, USA, February 2020.
[code][slides][video]

Honors & Awards

  • Winner of Linux PE Category at TyphoonPWN 2025, SSD Secure Disclosure, 2025
  • Winner of Ubuntu Desktop LPE at Pwn2Own, Vancouver, Canada, 2024
  • Partial Win in Surveillance Systems Category at Pwn2Own (Captain of SEFCOM T0), Toronto, Canada, 2023
  • Google PhD Fellowship, Google, 2023
  • Winner of Ubuntu Desktop LPE at Pwn2Own, Vancouver, Canada, 2023
  • SCAI Doctoral Fellowship, Arizona State University, 2023
  • Partial Win in NAS Category at Pwn2Own (Captain of ASU SEFCOM), Toronto, Canada, 2022
  • kCTF VRP Program (CVE-2022-2585), Google, 2022
  • 13th Place in DEF CON 30 CTF (Shellphish), Las Vegas, USA, 2022
  • kCTF VRP Program (CVE-2022-1786, First Maximum Bounty in kCTF’s history: $91,337), Google, 2022
  • Winner of Linux PE Category at TyphoonPWN 2022, SSD Secure Disclosure, 2022
  • kCTF VRP Program (CVE-2022-29581, with Zhenpeng Lin), Google, 2022
  • SCAI Doctoral Fellowship, Arizona State University, 2022
  • kCTF VRP Program (CVE-2021-4154, with Zhenpeng Lin), Google, 2021
  • 14th Place in DEF CON 29 CTF (Shellphish), Las Vegas, USA, 2021
  • 7th Place in DEF CON 28 CTF (Shellphish), Virtual, 2020
  • Engineering Graduate Fellowship, Arizona State University, 2020
  • 10th Place in DEF CON 27 CTF (Shellphish), Las Vegas, USA, 2019
  • Cybersecurity Fellowship, Arizona State University, 2019

Community Services

  • PC member in International Symposium on Research in Attacks, Intrusions and Defenses (RAID), 2024, 2025
  • PC member in IEEE Workshop on Offensive Technologies (WOOT), 2023, 2024, 2025
  • external reviewer in IEEE Symposium on Security and Privacy (IEEE S&P), 2024
  • external reviewer in USENIX Security, 2022
  • external reviewer in IEEE European Symposium on Security and Privacy (EuroS&P), 2021
  • external reviewer in Annual Computer Security Applications Conference (ACSAC), 2020

Teaching

  • Fall 2022 : Information Assurance (CSE 365), Teaching Assistant
  • Fall 2020 : Software Security (CSE 545), Teaching Assistant

Contact

GitHub: Kyle-Kyle
Email: zengyhkyle<AT>asu.edu
Twitter: @ky1ebot