About

About me 🤓

Yiwen Xu is a security researcher and a postgraduate student at Tsinghua University, focusing on migitations against IoT malware attacks and also keen to vulnerability exploitation skills as well as fuzzing.

Please drop me an email (xuyiwen14@gmail.com) to contact if anything meets your interests.

Education

2020–2023 Tsinghua University, Software Engineering, Supervised by Prof. Yu Jiang.

• Ranking – 5/84, GPA – 3.95/4.00

2016–2020 Hunan University, Information(Cyber) Security.

• Ranking – 1/47, GPA – 3.91/4.00

Research Interests

• IoT Security

• Vulnerability Exploitation or CTF PWN

• Fuzzing

• Operating System

Publications

Midas: Safeguarding IoT Devices Against Malware via Real-Time Behavior Auditing. (EMSOFT’22)

Yiwen Xu*, Zijing Yin* (Co-First), Yiwei Hou, Yu Jiang.

Empirical Study of System Resources Abused by IoT Attackers. (ASE’22)

Zijing Yin*, Yiwen Xu* (Co-First), Chijin Zhou, Yu Jiang.

EM-Fuzz: Augmented Firmware Fuzzing via Memory Checking. (EMSOFT’20 - Best Paper Nominee.)

Jian Gao, Yiwen Xu, Yu Jiang, Zhe Liu,Wanli Chang, Xun Jiao, Jiaguang Sun.

Scanner++: Enhanced Vulnerability Detection of Web Applications with Attack Intent Synchronization. (TOSEM’21)

Zijing Yin, Yiwen Xu, Fuchen Ma, Haohao Gao, Lei Qiao, Yu Jiang.

Brief Industry Paper: Catching IoT Malware in the Wild Using HoneyIoT. (RTAS’21)

Yiwen Xu, Yu Jiang, Lu Yu, Juan Li.

Internship

Security Researcher at Singularity Security Lab, from Jun 2022 to Aug 2022.

Working on Kernel Vulnerability Exploitation and Malicious APK Analysis

• Exploitation of a N-day data race vulnerability(CVE-2020-29660) of PTY subsystem in Linux Kernel 4.19 to achieve the privilege escalation, which can also be exploited on Android Kernel 4.4.
• Analyzing behaviors of malicious APKs using Frida and Java decompiler. Also with other researchers, establishing a run-time behavior analysis sandbox on Android 12 for unknown potential threats.

Hobby

1. Fingerstyle Guitar
   • Love playing songs, like Red shoes dance, Let It Go, Say Something, Closer, etc.
   • Enjoy music from my favorite fingersyle guitarist Kotaro Oshio, a super star in many Asian countries and playing many beautiful songs. Everyone can listen his music time after time from sunrise till sunset!!!
2. Photography
   • Record slight changes in my life, keeping me motivated to take more photos.
   • See the Gallery Tab of my blog.
3. Badminton
   • Keep exercising
   • Happy teamwork and cooperation with my doubles partners.