AboutMe

Bio

Ju Zhu has 10+ years of experience in Advanced Threat Research. Now he works for Meituan. Currently, he focuses on research about 0Day, nDay and vulnerability. He has been working on using automated systems to hunt advanced threats. He has found the first malware that exploited nDay(CVE-2014-7911) to attack smart TV at Christmas in 2015. In 2016, he also found a lot of malware using 0Day(CVE-2016-4606, CVE-2016-4659, CVE-2016-7651) attack victims in the 3rd Party App Store, and named them "Landmine". In 2017, he has hunted a suspected ransomware remote attack based on profile installation towards to iOS platform distributed in the wild at the first time, and proposed one new remote attack interface on iOS system research. He named them "Death Profile" and shared the topic at BlackHat Asia 2018. In 2018, his “Art of Dancing with Shackles” was selected by BlackHat USA 2018, and he shared "Wow, PESSR has Eroded Apple in Blink" at Code Blue 2018.

https://www.blackhat.com/asia-18/speakers/Ju-Zhu.html

https://www.blackhat.com/us-18/presenters/Ju-Zhu.html

https://codeblue.jp/2018/en/speakers (Ju Zhu)

https://www.blackhat.com/us-21/arsenal/schedule/presenters.html#ju-zhu-36513

Research Results

2015

http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-sextortion-in-the-far-east.pdf

http://blog.trendmicro.com/trendlabs-security-intelligence/the-samsung-swiftkey-vulnerability-what-you-need-to-know-and-how-to-protect-yourself

http://blog.trendmicro.com/trendlabs-security-intelligence/sinking-into-the-ios-quicksand-vulnerability

http://blog.trendmicro.com/trendlabs-security-intelligence/the-xcodeghost-plague-how-did-it-happen

2016

http://blog.trendmicro.com/trendlabs-security-intelligence/android-based-smart-tvs-hit-by-backdoor-spread-via-malicious-app

https://support.apple.com/en-us/HT205732 (CVE-2016-1721)

https://support.apple.com/en-us/HT206902 (CVE-2016-4627, CVE-2016-4628, CVE-2016-4653)

https://support.apple.com/en-us/HT207422 (CVE-2016-7651)

http://blog.trendmicro.com/trendlabs-security-intelligence/courier-scammers-intercept-text-messages-leave-traces-google-play

http://blog.trendmicro.com/trendlabs-security-intelligence/how-a-third-party-app-store-abuses-apples-developer-enterprise-program-to-serve-adware

http://blog.trendmicro.com/trendlabs-security-intelligence/helper-haima-malicious-behavior

http://blog.trendmicro.com/trendlabs-security-intelligence/ios-masque-attack-spoof-apps-bypass-privacy-protection (CVE-2016-4606, CVE-2016-4659)

2017

http://blog.trendmicro.com/trendlabs-security-intelligence/ixintpwn-yjsnpi-abuses-ioss-config-profile-can-crash-devices

http://blog.trendmicro.com/trendlabs-security-intelligence/app-stores-formerly-coddled-zniu-found-distributing-new-ixintpwnyjsnpi-variant

https://mp.weixin.qq.com/s/ZtCjdFZ8N5N38xaEjiO6Pg (TSec, Chinese)

2018

https://www.blackhat.com/asia-18/briefings.html#death-profile

https://www.blackhat.com/us-18/arsenal/schedule/#art-of-dancing-with-shackles---best-practice-of-app-store-malware-automatic-hunting-system-12078

https://mp.weixin.qq.com/s/P-PA6EvMVH3US5KzsOe0_Q （Chinese）

https://support.apple.com/en-us/HT209106 （Acknowledge）

https://codeblue.jp/2018/en/talks (Wow, PESSR has Eroded Apple in Blink)

2019

https://mp.weixin.qq.com/s/skgrUPBZ4X5L3IpL_x4oUQ (KCon，Chinese)

https://github.com/knownsec/KCon/blob/master/2019/25%E6%97%A5/APT%E6%A3%80%E6%B5%8B%E8%AE%BE%E5%A4%87%E7%9A%84%E6%89%A9%E5%B1%95%E7%A0%94%E7%A9%B6.pdf (Chinese)

2020

2021

https://www.blackhat.com/us-21/arsenal/schedule/index.html#play-with-fire-uncovering-fairplay-drm-and-obfuscation-for-fun-and-profit-24085