publications

2026

1. WOOT’26

   Squeezing Juicy Variant Bugs Out of Modern Browsers

   Han Zheng, Flavio Toffalini, Qiang Liu, and 1 more author

   In 20th USENIX WOOT Conference on Offensive Technologies (WOOT 26), 2026

   17,500 USD bounty from Chrome VRP
   

   17,500 USD bounty from Chrome VRP

2. NDSS’26

   Sysyphuzz: the Pressure of More Coverage

   Zezhong Ren, Han Zheng, Zhiyao Feng, and 5 more authors

   In 33nd Annual Network and Distributed System Security Symposium, NDSS, 2026

   PDF Code

2025

1. FSE’25

   MendelFuzz: The Return of the Deterministic Stage

   Han Zheng, Flavio Toffalini, Marcel Böhme, and 1 more author

   In Proceedings of the ACM International Conference on the Foundations of Software Engineering, 2025

   Default mode in AFL++ since v4.10c
   DOI PDF Code Slides

   Default mode in AFL++ since v4.10c

2. Arxiv’25

   Fixing 7,400 Bugs for 1$: Cheap Crash-Site Program Repair

   Han Zheng, Ilia Shumailov, Tianqi Fan, and 2 more authors

   In arXiv preprint arXiv:2505.13103, 2025

   PDF
3. Arxiv’25

   Cuckoo Attack: Stealthy and Persistent Attacks Against AI-IDE

   Xinpeng Liu, Junming Liu, Peiyu Liu, and 5 more authors

   arXiv preprint arXiv:2509.15572, 2025

   PDF

2024

1. SBFT@ICSE’24

   TuneFuzz: Adaptively Exploring Target Programs

   Han Zheng, Flavio Toffalini, and Mathias Payer

   In Proceedings of the 17th ACM/IEEE International Workshop on Search-Based and Fuzz Testing, 2024

   DOI PDF Code

2023

1. Security’23

   FishFuzz: Catch deeper bugs by throwing larger nets

   Han Zheng, Jiayuan Zhang, Yuhang Huang, and 6 more authors

   In 32nd USENIX Security Symposium (USENIX Security 23), 2023

   Second place in SBFT 2024 Fuzzing Competition
   DOI PDF Code Slides

   Second place in SBFT 2024 Fuzzing Competition

2021

1. JournalCRD

   A review of fuzzing techniques (In Chinese)

   Zezhong Ren, Han Zheng, Jiayuan Zhang, and 5 more authors

   2021