Minghao Lin

A photo of J. Doe

I am an independent security researcher. I was a research assistant at Zhejiang University, advised by Prof. Wenbo Shen. Prior to this, I was a visiting scholar at the University of Colorado Boulder, advised by Prof. Yueqi Chen. I also worked closely with Prof. Mingxue Zhang at Zhejiang University. I obtained my bachelor’s degree from Jiangxi Normal University at 2022. During university, I founded the Hyacinth Information Security Studio (JXNUSEC) to encourage more undergraduate and graduate students to engage in the field of cybersecurity. As a security researcher, I have discovered numerous bugs in well-known targets, receiving credits and bounties from various vendors.

I can be reached at yenkoclike@gmail.com.

Experiences

2023.09 - 2024.06 Research Assistant, Zhejiang University, advised by Prof. Wenbo Shen
2023.01 - 2023.08 Visiting Scholar, The University of Colorado Boulder, advised by Prof. Yueqi Chen
2022.01 - 2023.01 Senior Security Engineer, Embedded and Mobile Security Group, NIO Inc, Full time.
2021.10 – 2022.01 Reverse Engineer, Game Security Center, Tencent Inc, Intern
2021.02 – 2021.09 Mobile Security Researcher, Xuanwu Lab and Keen Lab, Tencent Inc, Intern

Academic Publications

* indicates equal contribution
CrossFire: Fuzzing macOS Cross-XPU Memory on Apple Silicon
CLExtract: Recovering Highly Corrupted DVB/GSE Satellite Stream with Contrastive Learning

Industrial Publications

Kill Latest MPU-based Protections in Just One Shot: Targeting All Commodity RTOSes
An End-to-End Tool Decoding Highly Corrupted Satellite Stream from Eavesdropping
RTHunter:the High-Accuracy Reverse Symbol Recovery and Vulnerability Scanning Tool

Bugs

Well-known Operate Systems (macOS/iOS/Windows/Android)

  • CVE-2024-40788, CVE-2024-27826, Multiple Apple Neutral Engine Compiler Errors, CVE-2024-43533, CVE-2024-20136, CVE-2024-20116, CVE-2024-20107, CVE-2024-20097, CVE-2024-20096, CVE-2024-20095, CVE-2024-20093, CVE-2024-20092, CVE-2024-20091, CVE-2024-20090, CVE-2024-20088, CVE-2024-20083, CVE-2024-20013, CVE-2023-32876, CVE-2023-32875, CVE-2023-32873, CVE-2023-32872, CVE-2023-32821, CVE-2023-32819, CVE-2023-32818, CVE-2023-20833, CVE-2023-20823, CVE-2023-20780, CVE-2023-20759, CVE-2023-20758, CVE-2023-20757, CVE-2023-20755, CVE-2023-20711, CVE-2023-20708, CVE-2023-20635, CVE-2023-20634

IOT Devices (FreeRTOS, TP-Link, D- Link, Tenda, Fast, MERCURY, DrayTek, SonicWall, Cisco, AMD)

  • CVE-2024-28115, CVE-2022-30472, CVE-2022-30473, CVE-2022-30474, CVE-2022-30475, CVE-2022-30476, CVE-2022-30477, CVE-2022-20842, CVE-2021-31755, CVE-2021-31757, CVE-2020-19667, CVE-2020-19668, CVE-2020-28877, CVE-2020-28373, CVE-2020-19662, CVE-2020-19664, CVE-2020-19663, CVE-2020-14993, CVE-2020-15415

Open source Projects

Credits: Jiaxun Zhu, Xilong Zhang@Resery, Mas0n, peanuts, Cylin, who collaborated with me to find these bugs.

Main Awards as A Core Member

• 2024 Geekcon AVSS Contest International Final, 1st, $3000
• 2023 DataCon Big Data Vulnerability Analysis Track, 2st, $4000
• 2022 DataCon Big Data IOT Security Track Online, 1st, $2500
• 2022 Tencent Game Security CTF Final, 6th
• 2021 National Industrial Internet CTF Student Group, 1st, $4000
• 2021 Jiangxi Industrial Internet Provincial CTF, 1st, $3000
• 2021 Jiangxi College Student Network Security Competition, 1st, $700
• 2021 National offensive and defensive drills (with Tencent attack team), 1st