Hello👋! I’m Bocheng Xiang, a Ph.D. student in the System and Software Security Laboratory at Fudan University, advised by Prof. Yuan Zhang. I am also the captain of Whitzard, the CTF team of Fudan University.

My research interests span web security, operating system security, and Java security. To date, I have published two papers at top-tier security conferences, both at USENIX Security. In addition to academic research, I have discovered hundreds of high-impact 0-day vulnerabilities, which have been acknowledged in security advisories by major technology companies, including Apple, Microsoft, Intel, HP, Tencent, and VMware. Many of these vulnerabilities have received monetary rewards, with my total bug bounty earnings exceeding $50,000.

🔥 News

  • [2025.07] 🎉 I’ve made 2025 MSRC MVR!
  • [2025.06] 🎉 One paper accepted by USENIX Security 2025!
  • [2025.05] 🎉 One talk accepted by BlackHat USA 2025! [Talk Abstract]
  • [2024.12] 🎉 One paper accepted by USENIX Security 2025!
  • [2024.08] 🎉 I’ve made 2024 MSRC MVR!

📝 Publications

USENIX Security’25 Pig in a Poke: Automatically Detecting and Exploiting Link Following Vulnerabilities in Windows File Operations [PDF]
Bocheng Xiang, Yuan Zhang, Fengyu Liu, Hao Huang, Zihan Lin, Min Yang.
In Proceedings of the 34th USENIX Security Symposium (USENIX Security), August 2025. (CCF-A)

USENIX Security’25 Effective Directed Fuzzing with Hierarchical Scheduling for Web Vulnerability Detection [PDF]
Zihan Lin, Yuan Zhang, Jiarun Dai, Xinyou Huang, Bocheng Xiang, Guangliang Yang, Letian Yuan, Lei Zhang, Fengyu Liu, Tian Chen, Min Yang.
In Proceedings of the 34th USENIX Security Symposium (USENIX Security), August 2025. (CCF-A)

📖 Education

🏅 Rewards

💻 Internships

  • 2022.04 - 2023.09, Keen Lab, Tencent, China.
  • 2021.07 - 2021.10, Security Strategy Research Team, Chaitin, China.