Zechao Cai
Systems Researcher
Zechao Cai is a PhD student at the Department of Computer Science, ETH Zurich. His research interests lie in computer systems in general.
DaLens: Charting DNS Self-Amplification Threats at Large
Liwen Xu, Zechao Cai, Huayi Duan, Adrian Perrig
USENIX Security Symposium. 2026.
Resolve the Unresolved: Systematic Work Profiling for DNS Resolvers
Liwen Xu, Huayi Duan, Zechao Cai, Adrian Perrig
Security and Privacy (S&P). 2026.
M1Pecker: A Dynamic Analysis Framework for Pointer Authentication in Apple M1 Chips
Jiaxun Zhu, Zechao Cai, Wenbo Shen, Yutian Yang, Rui Chang
IEEE Transactions on Dependable and Secure Computing (TDSC). 2026.
Chekhovβs Gun: Uncovering Hidden Risks in macOS Application-Sandboxed PID-Domain Services π
Minghao Lin, Jiaxun Zhu, Tingting Yin, Zechao Cai, Guanxing Wen, Yanan Guo, and Mengyuan Li
Computer and Communications Security (CCS). 2025.
CrossFire: Fuzzing macOS Cross-XPU Memory on Apple Silicon π
Jiaxun Zhu, Minghao Lin, Tingting Yin, Zechao Cai, Yu Wang, Rui Chang, and Wenbo Shen
Computer and Communications Security (CCS). 2024.
Demystifying Pointer Authentication on Apple M1 π
Zechao Cai, Jiaxun Zhu, Wenbo Shen, Yutian Yang, Rui Chang, Yu Wang, Jinku Li, and Kui Ren
USENIX Security Symposium. 2023.
Apple PAC, Four Years Later: Reverse Engineering the Customized Pointer Authentication Hardware Implementation on Apple M1 π
Zechao Cai, Jiaxun Zhu, Yutian Yang, Wenbo Shen, and Yu Wang
Black Hat USA. 2023.
I created and led this research track at Zhejiang University. We built a hypervisor for Apple Silicon and did various interesting hacking (you can find our work on USENIX SEC β23, CCS β24 β25, and Black Hat β23). Although Iβd like to try something else during my PhD, I am still very interested in Apple Silicon stuff and open to collaboration, so if you are interested in doing research π/hacking π with us on Apple Silicon, we should talk π.
Demystifying Pointer Authentication on Apple M1 (Invited on-site talk).
Network and Information Security Lab @Tsinghua University.
Demystifying Pointer Authentication on Apple M1 (Online talk)
USENIX Security '23. Aug 2023.
Apple PAC, Four Years Later: Reverse Engineering the Customized Pointer Authentication Hardware Implementation on Apple M1 (Online talk)
Black Hat USA 2023. Aug 2023.
zechao [dot] cai [at] inf [dot] ethz [dot] ch
Department of Computer Science, ETH Zurich
