Han Zheng
PhD Student at HexHive
École Polytechnique Fédérale de Lausanne
Switzerland

I’m a PhD Student at HexHive@EPFL, advised by Prof. Mathias Payer. I received my master degree in University of Chinese Academy of Science in 2023 and my bachelor in Xidian University in 2020. I’m broadly interested in Software and System security. Specifically, my work focus on 1) finding bugs in open-source software by fuzzing and static analysis 2) improving the automatic program repairing techniques to reduce the developer efforts.
I actively contribute to community by submitting bug reports and intergrating my research prototypes. So far I reported over 50 CVEs for widely used open source softwares and integrated my research prototypes in AFL++, one of the most widely used greybox fuzzing framework.
I enjoy bug hunting on complex software system for fun and profits. By leveraging static analysis, fuzzing and code auditing, I successfully found a series of vulnerbilities in web browsers and rank #42 in Google VRP 2024, receiving 25,000 USD bug bounties. Beside memory corruption, I discovered several logical vulnerabilities in Microsoft products.
Feel free to drop me an email in case of any questions!
news
May 17, 2025 | MendelFuzz receive available and reusable (subsumes functional) badges! |
---|---|
Mar 11, 2025 | I’m honored to be invited to serve on the FUZZING’25 Program Committee. |
Mar 01, 2025 | I ranked #42 in Google VRP 2024, and received 25,000 USD bounty from Chrome VRP last year. |
Jan 14, 2025 | MendelFuzz was accepted by Foundations of Software Engineering 2025! |
Apr 26, 2023 | FishFuzz was accepted by USENIX Security 2023! |