Zhiwei Lin

Security Engineer, Ant Group

Previously at CURIOSITY Lab, National University of Singapore

I work on AI for Security, Network Security, and Program Analysis, with recent research on vulnerability discovery, software supply chain security, and CDN security. I was advised by Prof. Zhenkai Liang at National University of Singapore, and I am also a core member of CTF team 0x401.

News

2025.7 Joined Ant Group as a Security Engineer.
2025 Two papers accepted by ASE 2025.
2025 Presented CDN Cannon at Black Hat Asia 2025.
2024 CDN Cannon accepted by USENIX Security 2024.

Publications

[ASE'25] A Large-Scale Evolvable Dataset for Model Context Protocol Ecosystem and Security Analysis

Zhiwei Lin, Bonan Ruan, Jiahao Liu, Weibo Zhao

40th IEEE/ACM International Conference on Automated Software Engineering, Tool Demonstrations, 2025. [PDF]

[ASE'25] Propagation-Based Vulnerability Impact Assessment for Software Supply Chains

Bonan Ruan, Zhiwei Lin, Jiahao Liu, Chuqi Zhang, Kaihang Ji, Zhenkai Liang

40th IEEE/ACM International Conference on Automated Software Engineering, 2025. [PDF]

[USENIX Security'24] CDN Cannon: Exploiting CDN Back-to-Origin Strategies for Amplification Attacks

Ziyu Lin, Zhiwei Lin, Ximeng Liu, Jianjun Chen, Run Guo, Cheng Chen, Shaodong Xiao

33rd USENIX Security Symposium, 2024. [PDF]

[arXiv'24] Detecting and Measuring Security Implications of Entangled Domain Verification in CDN

Ziyu Lin, Zhiwei Lin, Run Guo, Jianjun Chen, Mingming Zhang, Ximeng Liu, Tianhao Yang, Zhuoran Cao, Robert H. Deng

arXiv preprint, 2024. [PDF]

Talks

CDN Cannon: Exploiting CDN Back-to-Origin Strategies for Amplification Attacks, Black Hat Asia 2025. [Link]

Experience

2025.7 - Present, Security Engineer, Ant Group.
2024.8 - 2025.6, Research Assistant, CURIOSITY Lab, National University of Singapore.
2024.5 - 2024.8, Security Engineering Intern, Ant Group.
2024.1 - 2024.5, Research Intern, CURIOSITY Lab, National University of Singapore.
2023.8 - 2023.10, Security Research Intern, QI-ANXIN Technology.
2023.3 - 2023.10, Research Intern, NISL, Tsinghua University.

Education

2024.8 - 2025.6, Master of Computing, National University of Singapore.
2020.9 - 2024.7, Bachelor of Engineering, Sichuan University.

Awards and CVEs

2023 National College Student Information Security Contest, 1st Prize.
2022 Anxun Cup CTF National Finals, Champion.
2022 D3CTF International Finals, 3rd Prize.
CVE-2023-51770, CVE-2023-46227, CVE-2023-41578, CVE-2023-42268.